---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  annotations:
    api-approved.kubernetes.io: https://github.com/kubernetes/test-infra/pull/8669
    controller-gen.kubebuilder.io/version: v0.6.3-0.20210827222652-7b3a8699fa04
  creationTimestamp: null
  name: prowjobs.prow.k8s.io
spec:
  preserveUnknownFields: false
  group: prow.k8s.io
  names:
    kind: ProwJob
    listKind: ProwJobList
    plural: prowjobs
    singular: prowjob
  scope: Namespaced
  versions:
  - additionalPrinterColumns:
    - description: The name of the job being run
      jsonPath: .spec.job
      name: Job
      type: string
    - description: The ID of the job being run.
      jsonPath: .status.build_id
      name: BuildId
      type: string
    - description: The type of job being run.
      jsonPath: .spec.type
      name: Type
      type: string
    - description: The org for which the job is running.
      jsonPath: .spec.refs.org
      name: Org
      type: string
    - description: The repo for which the job is running.
      jsonPath: .spec.refs.repo
      name: Repo
      type: string
    - description: The pulls for which the job is running.
      jsonPath: .spec.refs.pulls[*].number
      name: Pulls
      type: string
    - description: When the job started running.
      jsonPath: .status.startTime
      name: StartTime
      type: date
    - description: When the job finished running.
      jsonPath: .status.completionTime
      name: CompletionTime
      type: date
    - description: The state of the job.
      jsonPath: .status.state
      name: State
      type: string
    name: v1
    schema:
      openAPIV3Schema:
        description: ProwJob contains the spec as well as runtime metadata.
        properties:
          apiVersion:
            description: 'APIVersion defines the versioned schema of this representation
              of an object. Servers should convert recognized schemas to the latest
              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
            type: string
          kind:
            description: 'Kind is a string value representing the REST resource this
              object represents. Servers may infer this from the endpoint the client
              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
            type: string
          metadata:
            type: object
          spec:
            description: "ProwJobSpec configures the details of the prow job. \n Details
              include the podspec, code to clone, the cluster it runs any child jobs,
              concurrency limitations, etc."
            properties:
              agent:
                description: Agent determines which controller fulfills this specific
                  ProwJobSpec and runs the job
                type: string
              cluster:
                description: Cluster is which Kubernetes cluster is used to run the
                  job, only applicable for that specific agent
                type: string
              context:
                description: Context is the name of the status context used to report
                  back to GitHub
                type: string
              decoration_config:
                description: DecorationConfig holds configuration options for decorating
                  PodSpecs that users provide
                properties:
                  censor_secrets:
                    description: CensorSecrets enables censoring output logs and artifacts.
                    type: boolean
                  censoring_options:
                    description: CensoringOptions exposes options for censoring output
                      logs and artifacts.
                    properties:
                      censoring_buffer_size:
                        description: CensoringBufferSize is the size in bytes of the
                          buffer allocated for every file being censored. We want
                          to keep as little of the file in memory as possible in order
                          for censoring to be reasonably performant in space. However,
                          to guarantee that we censor every instance of every secret,
                          our buffer size must be at least two times larger than the
                          largest secret we are about to censor. While that size is
                          the smallest possible buffer we could use, if the secrets
                          being censored are small, censoring will not be performant
                          as the number of I/O actions per file would increase. If
                          unset, defaults to 10MiB.
                        type: integer
                      censoring_concurrency:
                        description: CensoringConcurrency is the maximum number of
                          goroutines that should be censoring artifacts and logs at
                          any time. If unset, defaults to 10.
                        format: int64
                        type: integer
                      exclude_directories:
                        description: ExcludeDirectories are directories which should
                          not have their content censored. If present, content in
                          these directories will not be censored even if the directory
                          also matches a glob in IncludeDirectories. Entries in this
                          list are relative to $ARTIFACTS, and are parsed with the
                          go-zglob library, allowing for globbed matches.
                        items:
                          type: string
                        type: array
                      include_directories:
                        description: IncludeDirectories are directories which should
                          have their content censored. If present, only content in
                          these directories will be censored. Entries in this list
                          are relative to $ARTIFACTS and are parsed with the go-zglob
                          library, allowing for globbed matches.
                        items:
                          type: string
                        type: array
                    type: object
                  cookiefile_secret:
                    description: CookieFileSecret is the name of a kubernetes secret
                      that contains a git http.cookiefile, which should be used during
                      the cloning process.
                    type: string
                  default_memory_request:
                    anyOf:
                    - type: integer
                    - type: string
                    description: DefaultMemoryRequest is the default requested memory
                      on a test container. If SetLimitEqualsMemoryRequest is also
                      true then the Limit will also be set the same as this request.
                      Could be overridden by memory request defined explicitly on
                      prowjob.
                    pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                    x-kubernetes-int-or-string: true
                  default_service_account_name:
                    description: DefaultServiceAccountName is the name of the Kubernetes
                      service account that should be used by the pod if one is not
                      specified in the podspec.
                    type: string
                  gcs_configuration:
                    description: GCSConfiguration holds options for pushing logs and
                      artifacts to GCS from a job.
                    properties:
                      bucket:
                        description: 'Bucket is the bucket to upload to, it can be:
                          * a GCS bucket: with gs:// prefix * a S3 bucket: with s3://
                          prefix * a GCS bucket: without a prefix (deprecated, it''s
                          discouraged to use Bucket without prefix please add the
                          gs:// prefix)'
                        type: string
                      default_org:
                        description: DefaultOrg is omitted from GCS paths when using
                          the legacy or simple strategy
                        type: string
                      default_repo:
                        description: DefaultRepo is omitted from GCS paths when using
                          the legacy or simple strategy
                        type: string
                      job_url_prefix:
                        description: JobURLPrefix holds the baseURL under which the
                          jobs output can be viewed. If unset, this will be derived
                          based on org/repo from the job_url_prefix_config.
                        type: string
                      local_output_dir:
                        description: LocalOutputDir specifies a directory where files
                          should be copied INSTEAD of uploading to blob storage. This
                          option is useful for testing jobs that use the pod-utilities
                          without actually uploading.
                        type: string
                      mediaTypes:
                        additionalProperties:
                          type: string
                        description: 'MediaTypes holds additional extension media
                          types to add to Go''s builtin''s and the local system''s
                          defaults.  This maps extensions to media types, for example:
                          MediaTypes["log"] = "text/plain"'
                        type: object
                      path_prefix:
                        description: PathPrefix is an optional path that follows the
                          bucket name and comes before any structure
                        type: string
                      path_strategy:
                        description: PathStrategy dictates how the org and repo are
                          used when calculating the full path to an artifact in GCS
                        type: string
                    type: object
                  gcs_credentials_secret:
                    description: GCSCredentialsSecret is the name of the Kubernetes
                      secret that holds GCS push credentials.
                    type: string
                  github_api_endpoints:
                    description: GitHubAPIEndpoints are the endpoints of GitHub APIs.
                    items:
                      type: string
                    type: array
                  github_app_id:
                    description: GitHubAppID is the ID of GitHub App, which is going
                      to be used for fetching a private repository.
                    type: string
                  github_app_private_key_secret:
                    description: GitHubAppPrivateKeySecret is a Kubernetes secret
                      that contains the GitHub App private key, which is going to
                      be used for fetching a private repository.
                    properties:
                      key:
                        description: Key is the key of the corresponding kubernetes
                          secret that holds the value of the GitHub App private key.
                        type: string
                      name:
                        description: Name is the name of a kubernetes secret.
                        type: string
                    type: object
                  grace_period:
                    description: GracePeriod is how long the pod utilities will wait
                      after sending SIGINT to send SIGKILL when aborting a job. Only
                      applicable if decorating the PodSpec.
                    type: string
                  oauth_token_secret:
                    description: OauthTokenSecret is a Kubernetes secret that contains
                      the OAuth token, which is going to be used for fetching a private
                      repository.
                    properties:
                      key:
                        description: Key is the key of the corresponding kubernetes
                          secret that holds the value of the OAuth token.
                        type: string
                      name:
                        description: Name is the name of a kubernetes secret.
                        type: string
                    type: object
                  resources:
                    description: Resources holds resource requests and limits for
                      utility containers used to decorate a PodSpec.
                    properties:
                      clonerefs:
                        description: ResourceRequirements describes the compute resource
                          requirements.
                        properties:
                          limits:
                            additionalProperties:
                              anyOf:
                              - type: integer
                              - type: string
                              pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                              x-kubernetes-int-or-string: true
                            description: 'Limits describes the maximum amount of compute
                              resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
                            type: object
                          requests:
                            additionalProperties:
                              anyOf:
                              - type: integer
                              - type: string
                              pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                              x-kubernetes-int-or-string: true
                            description: 'Requests describes the minimum amount of
                              compute resources required. If Requests is omitted for
                              a container, it defaults to Limits if that is explicitly
                              specified, otherwise to an implementation-defined value.
                              More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
                            type: object
                        type: object
                      initupload:
                        description: ResourceRequirements describes the compute resource
                          requirements.
                        properties:
                          limits:
                            additionalProperties:
                              anyOf:
                              - type: integer
                              - type: string
                              pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                              x-kubernetes-int-or-string: true
                            description: 'Limits describes the maximum amount of compute
                              resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
                            type: object
                          requests:
                            additionalProperties:
                              anyOf:
                              - type: integer
                              - type: string
                              pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                              x-kubernetes-int-or-string: true
                            description: 'Requests describes the minimum amount of
                              compute resources required. If Requests is omitted for
                              a container, it defaults to Limits if that is explicitly
                              specified, otherwise to an implementation-defined value.
                              More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
                            type: object
                        type: object
                      place_entrypoint:
                        description: ResourceRequirements describes the compute resource
                          requirements.
                        properties:
                          limits:
                            additionalProperties:
                              anyOf:
                              - type: integer
                              - type: string
                              pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                              x-kubernetes-int-or-string: true
                            description: 'Limits describes the maximum amount of compute
                              resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
                            type: object
                          requests:
                            additionalProperties:
                              anyOf:
                              - type: integer
                              - type: string
                              pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                              x-kubernetes-int-or-string: true
                            description: 'Requests describes the minimum amount of
                              compute resources required. If Requests is omitted for
                              a container, it defaults to Limits if that is explicitly
                              specified, otherwise to an implementation-defined value.
                              More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
                            type: object
                        type: object
                      sidecar:
                        description: ResourceRequirements describes the compute resource
                          requirements.
                        properties:
                          limits:
                            additionalProperties:
                              anyOf:
                              - type: integer
                              - type: string
                              pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                              x-kubernetes-int-or-string: true
                            description: 'Limits describes the maximum amount of compute
                              resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
                            type: object
                          requests:
                            additionalProperties:
                              anyOf:
                              - type: integer
                              - type: string
                              pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                              x-kubernetes-int-or-string: true
                            description: 'Requests describes the minimum amount of
                              compute resources required. If Requests is omitted for
                              a container, it defaults to Limits if that is explicitly
                              specified, otherwise to an implementation-defined value.
                              More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
                            type: object
                        type: object
                    type: object
                  s3_credentials_secret:
                    description: S3CredentialsSecret is the name of the Kubernetes
                      secret that holds blob storage push credentials.
                    type: string
                  set_limit_equals_memory_request:
                    description: SetLimitEqualsMemoryRequest sets memory limit equal
                      to request.
                    type: boolean
                  skip_cloning:
                    description: SkipCloning determines if we should clone source
                      code in the initcontainers for jobs that specify refs
                    type: boolean
                  ssh_host_fingerprints:
                    description: SSHHostFingerprints are the fingerprints of known
                      SSH hosts that the cloning process can trust. Create with ssh-keyscan
                      [-t rsa] host
                    items:
                      type: string
                    type: array
                  ssh_key_secrets:
                    description: SSHKeySecrets are the names of Kubernetes secrets
                      that contain SSK keys which should be used during the cloning
                      process.
                    items:
                      type: string
                    type: array
                  timeout:
                    description: Timeout is how long the pod utilities will wait before
                      aborting a job with SIGINT.
                    type: string
                  upload_ignores_interrupts:
                    description: UploadIgnoresInterrupts causes sidecar to ignore
                      interrupts for the upload process in hope that the test process
                      exits cleanly before starting an upload.
                    type: boolean
                  utility_images:
                    description: UtilityImages holds pull specs for utility container
                      images used to decorate a PodSpec.
                    properties:
                      clonerefs:
                        description: CloneRefs is the pull spec used for the clonerefs
                          utility
                        type: string
                      entrypoint:
                        description: Entrypoint is the pull spec used for the entrypoint
                          utility
                        type: string
                      initupload:
                        description: InitUpload is the pull spec used for the initupload
                          utility
                        type: string
                      sidecar:
                        description: sidecar is the pull spec used for the sidecar
                          utility
                        type: string
                    type: object
                type: object
              error_on_eviction:
                description: ErrorOnEviction indicates that the ProwJob should be
                  completed and given the ErrorState status if the pod that is executing
                  the job is evicted. If this field is unspecified or false, a new
                  pod will be created to replace the evicted one.
                type: boolean
              extra_refs:
                description: ExtraRefs are auxiliary repositories that need to be
                  cloned, determined from config
                items:
                  description: Refs describes how the repo was constructed.
                  properties:
                    base_link:
                      description: BaseLink is a link to the commit identified by
                        BaseSHA.
                      type: string
                    base_ref:
                      type: string
                    base_sha:
                      type: string
                    clone_depth:
                      description: CloneDepth is the depth of the clone that will
                        be used. A depth of zero will do a full clone.
                      type: integer
                    clone_uri:
                      description: CloneURI is the URI that is used to clone the repository.
                        If unset, will default to `https://github.com/org/repo.git`.
                      type: string
                    org:
                      description: Org is something like kubernetes or k8s.io
                      type: string
                    path_alias:
                      description: PathAlias is the location under <root-dir>/src
                        where this repository is cloned. If this is not set, <root-dir>/src/github.com/org/repo
                        will be used as the default.
                      type: string
                    pulls:
                      items:
                        description: Pull describes a pull request at a particular
                          point in time.
                        properties:
                          author:
                            type: string
                          author_link:
                            description: AuthorLink links to the author of the pull
                              request.
                            type: string
                          commit_link:
                            description: CommitLink links to the commit identified
                              by the SHA.
                            type: string
                          link:
                            description: Link links to the pull request itself.
                            type: string
                          number:
                            type: integer
                          ref:
                            description: 'Ref is git ref can be checked out for a
                              change for example, github: pull/123/head gerrit: refs/changes/00/123/1'
                            type: string
                          sha:
                            type: string
                          title:
                            type: string
                        required:
                        - author
                        - number
                        - sha
                        type: object
                      type: array
                    repo:
                      description: Repo is something like test-infra
                      type: string
                    repo_link:
                      description: RepoLink links to the source for Repo.
                      type: string
                    skip_fetch_head:
                      description: SkipFetchHead tells prow to avoid a git fetch <remote>
                        call. Multiheaded repos may need to not make this call. The
                        git fetch <remote> <BaseRef> call occurs regardless.
                      type: boolean
                    skip_submodules:
                      description: SkipSubmodules determines if submodules should
                        be cloned when the job is run. Defaults to false.
                      type: boolean
                    workdir:
                      description: WorkDir defines if the location of the cloned repository
                        will be used as the default working directory.
                      type: boolean
                  required:
                  - org
                  - repo
                  type: object
                type: array
              hidden:
                description: Hidden specifies if the Job is considered hidden. Hidden
                  jobs are only shown by deck instances that have the `--hiddenOnly=true`
                  or `--show-hidden=true` flag set. Presubmits and Postsubmits can
                  also be set to hidden by adding their repository in Decks `hidden_repo`
                  setting.
                type: boolean
              jenkins_spec:
                description: JenkinsSpec holds configuration specific to Jenkins jobs
                properties:
                  github_branch_source_job:
                    type: boolean
                type: object
              job:
                description: Job is the name of the job
                type: string
              job_queue_name:
                description: JobQueueName is an optional field with name of a queue
                  defining max concurrency. When several jobs from the same queue
                  try to run at the same time, the number of them that is actually
                  started is limited by JobQueueConcurrencies (part of Plank's config).
                  If this field is left undefined inifinite concurrency is assumed.
                  This behaviour may be superseded by MaxConcurrency field, if it
                  is set to a constraining value.
                type: string
              max_concurrency:
                description: MaxConcurrency restricts the total number of instances
                  of this job that can run in parallel at once. This is a separate
                  mechanism to JobQueueName and the lowest max concurrency is selected
                  from these two.
                minimum: 0
                type: integer
              namespace:
                description: Namespace defines where to create pods/resources.
                type: string
              pipeline_run_spec:
                description: PipelineRunSpec provides the basis for running the test
                  as a pipeline-crd resource https://github.com/tektoncd/pipeline
                properties:
                  params:
                    description: Params is a list of parameter names and values.
                    items:
                      description: Param declares an ArrayOrString to use for the
                        parameter called name.
                      properties:
                        name:
                          type: string
                        value:
                          description: 'ArrayOrString is a type that can hold a single
                            string or string array. Used in JSON unmarshalling so
                            that a single JSON field can accept either an individual
                            string or an array of strings. TODO (@chuangw6): This
                            struct will be renamed or be embedded in a new struct
                            to take into consideration the object case after the community
                            reaches an agreement on it.'
                          properties:
                            arrayVal:
                              items:
                                type: string
                              type: array
                              x-kubernetes-list-type: atomic
                            objectVal:
                              additionalProperties:
                                type: string
                              type: object
                            stringVal:
                              type: string
                            type:
                              description: ParamType indicates the type of an input
                                parameter; Used to distinguish between a single string
                                and an array of strings.
                              type: string
                          required:
                          - arrayVal
                          - objectVal
                          - stringVal
                          - type
                          type: object
                      required:
                      - name
                      - value
                      type: object
                    type: array
                  pipelineRef:
                    description: 'PipelineRef can be used to refer to a specific instance
                      of a Pipeline. Copied from CrossVersionObjectReference: https://github.com/kubernetes/kubernetes/blob/169df7434155cbbc22f1532cba8e0a9588e29ad8/pkg/apis/autoscaling/types.go#L64'
                    properties:
                      apiVersion:
                        description: API version of the referent
                        type: string
                      bundle:
                        description: Bundle url reference to a Tekton Bundle.
                        type: string
                      name:
                        description: 'Name of the referent; More info: http://kubernetes.io/docs/user-guide/identifiers#names'
                        type: string
                      resolver:
                        description: Resolver is the name of the resolver that should
                          perform resolution of the referenced Tekton resource, such
                          as "git".
                        type: string
                      resource:
                        description: Resource contains the parameters used to identify
                          the referenced Tekton resource. Example entries might include
                          "repo" or "path" but the set of params ultimately depends
                          on the chosen resolver.
                        items:
                          description: ResolverParam is a single parameter passed
                            to a resolver.
                          properties:
                            name:
                              description: Name is the name of the parameter that
                                will be passed to the resolver.
                              type: string
                            value:
                              description: Value is the string value of the parameter
                                that will be passed to the resolver.
                              type: string
                          required:
                          - name
                          - value
                          type: object
                        type: array
                        x-kubernetes-list-type: atomic
                    type: object
                  pipelineSpec:
                    description: PipelineSpec defines the desired state of Pipeline.
                    properties:
                      description:
                        description: Description is a user-facing description of the
                          pipeline that may be used to populate a UI.
                        type: string
                      params:
                        description: Params declares a list of input parameters that
                          must be supplied when this Pipeline is run.
                        items:
                          description: ParamSpec defines arbitrary parameters needed
                            beyond typed inputs (such as resources). Parameter values
                            are provided by users as inputs on a TaskRun or PipelineRun.
                          properties:
                            default:
                              description: Default is the value a parameter takes
                                if no input value is supplied. If default is set,
                                a Task may be executed without a supplied value for
                                the parameter.
                              properties:
                                arrayVal:
                                  items:
                                    type: string
                                  type: array
                                  x-kubernetes-list-type: atomic
                                objectVal:
                                  additionalProperties:
                                    type: string
                                  type: object
                                stringVal:
                                  type: string
                                type:
                                  description: ParamType indicates the type of an
                                    input parameter; Used to distinguish between a
                                    single string and an array of strings.
                                  type: string
                              required:
                              - arrayVal
                              - objectVal
                              - stringVal
                              - type
                              type: object
                            description:
                              description: Description is a user-facing description
                                of the parameter that may be used to populate a UI.
                              type: string
                            name:
                              description: Name declares the name by which a parameter
                                is referenced.
                              type: string
                            properties:
                              additionalProperties:
                                description: PropertySpec defines the struct for object
                                  keys
                                properties:
                                  type:
                                    description: ParamType indicates the type of an
                                      input parameter; Used to distinguish between
                                      a single string and an array of strings.
                                    type: string
                                type: object
                              description: Properties is the JSON Schema properties
                                to support key-value pairs parameter.
                              type: object
                            type:
                              description: Type is the user-specified type of the
                                parameter. The possible types are currently "string",
                                "array" and "object", and "string" is the default.
                              type: string
                          required:
                          - name
                          type: object
                        type: array
                      resources:
                        description: Resources declares the names and types of the
                          resources given to the Pipeline's tasks as inputs and outputs.
                        items:
                          description: PipelineDeclaredResource is used by a Pipeline
                            to declare the types of the PipelineResources that it
                            will required to run and names which can be used to refer
                            to these PipelineResources in PipelineTaskResourceBindings.
                          properties:
                            name:
                              description: Name is the name that will be used by the
                                Pipeline to refer to this resource. It does not directly
                                correspond to the name of any PipelineResources Task
                                inputs or outputs, and it does not correspond to the
                                actual names of the PipelineResources that will be
                                bound in the PipelineRun.
                              type: string
                            optional:
                              description: 'Optional declares the resource as optional.
                                optional: true - the resource is considered optional
                                optional: false - the resource is considered required
                                (default/equivalent of not specifying it)'
                              type: boolean
                            type:
                              description: Type is the type of the PipelineResource.
                              type: string
                          required:
                          - name
                          - type
                          type: object
                        type: array
                      results:
                        description: Results are values that this pipeline can output
                          once run
                        items:
                          description: PipelineResult used to describe the results
                            of a pipeline
                          properties:
                            description:
                              description: Description is a human-readable description
                                of the result
                              type: string
                            name:
                              description: Name the given name
                              type: string
                            value:
                              description: Value the expression used to retrieve the
                                value
                              type: string
                          required:
                          - name
                          - value
                          type: object
                        type: array
                      tasks:
                        description: Tasks declares the graph of Tasks that execute
                          when this Pipeline is run.
                        items:
                          description: PipelineTask defines a task in a Pipeline,
                            passing inputs from both Params and from the output of
                            previous tasks.
                          properties:
                            conditions:
                              description: Conditions is a list of conditions that
                                need to be true for the task to run
                              items:
                                description: PipelineTaskCondition allows a PipelineTask
                                  to declare a Condition to be evaluated before the
                                  Task is run.
                                properties:
                                  conditionRef:
                                    description: ConditionRef is the name of the Condition
                                      to use for the conditionCheck
                                    type: string
                                  params:
                                    description: Params declare parameters passed
                                      to this Condition
                                    items:
                                      description: Param declares an ArrayOrString
                                        to use for the parameter called name.
                                      properties:
                                        name:
                                          type: string
                                        value:
                                          description: 'ArrayOrString is a type that
                                            can hold a single string or string array.
                                            Used in JSON unmarshalling so that a single
                                            JSON field can accept either an individual
                                            string or an array of strings. TODO (@chuangw6):
                                            This struct will be renamed or be embedded
                                            in a new struct to take into consideration
                                            the object case after the community reaches
                                            an agreement on it.'
                                          properties:
                                            arrayVal:
                                              items:
                                                type: string
                                              type: array
                                              x-kubernetes-list-type: atomic
                                            objectVal:
                                              additionalProperties:
                                                type: string
                                              type: object
                                            stringVal:
                                              type: string
                                            type:
                                              description: ParamType indicates the
                                                type of an input parameter; Used to
                                                distinguish between a single string
                                                and an array of strings.
                                              type: string
                                          required:
                                          - arrayVal
                                          - objectVal
                                          - stringVal
                                          - type
                                          type: object
                                      required:
                                      - name
                                      - value
                                      type: object
                                    type: array
                                    x-kubernetes-list-type: atomic
                                  resources:
                                    description: Resources declare the resources provided
                                      to this Condition as input
                                    items:
                                      description: PipelineTaskInputResource maps
                                        the name of a declared PipelineResource input
                                        dependency in a Task to the resource in the
                                        Pipeline's DeclaredPipelineResources that
                                        should be used. This input may come from a
                                        previous task.
                                      properties:
                                        from:
                                          description: From is the list of PipelineTask
                                            names that the resource has to come from.
                                            (Implies an ordering in the execution
                                            graph.)
                                          items:
                                            type: string
                                          type: array
                                          x-kubernetes-list-type: atomic
                                        name:
                                          description: Name is the name of the PipelineResource
                                            as declared by the Task.
                                          type: string
                                        resource:
                                          description: Resource is the name of the
                                            DeclaredPipelineResource to use.
                                          type: string
                                      required:
                                      - name
                                      - resource
                                      type: object
                                    type: array
                                    x-kubernetes-list-type: atomic
                                required:
                                - conditionRef
                                type: object
                              type: array
                            name:
                              description: Name is the name of this task within the
                                context of a Pipeline. Name is used as a coordinate
                                with the `from` and `runAfter` fields to establish
                                the execution order of tasks relative to one another.
                              type: string
                            params:
                              description: Parameters declares parameters passed to
                                this task.
                              items:
                                description: Param declares an ArrayOrString to use
                                  for the parameter called name.
                                properties:
                                  name:
                                    type: string
                                  value:
                                    description: 'ArrayOrString is a type that can
                                      hold a single string or string array. Used in
                                      JSON unmarshalling so that a single JSON field
                                      can accept either an individual string or an
                                      array of strings. TODO (@chuangw6): This struct
                                      will be renamed or be embedded in a new struct
                                      to take into consideration the object case after
                                      the community reaches an agreement on it.'
                                    properties:
                                      arrayVal:
                                        items:
                                          type: string
                                        type: array
                                        x-kubernetes-list-type: atomic
                                      objectVal:
                                        additionalProperties:
                                          type: string
                                        type: object
                                      stringVal:
                                        type: string
                                      type:
                                        description: ParamType indicates the type
                                          of an input parameter; Used to distinguish
                                          between a single string and an array of
                                          strings.
                                        type: string
                                    required:
                                    - arrayVal
                                    - objectVal
                                    - stringVal
                                    - type
                                    type: object
                                required:
                                - name
                                - value
                                type: object
                              type: array
                            resources:
                              description: Resources declares the resources given
                                to this task as inputs and outputs.
                              properties:
                                inputs:
                                  description: Inputs holds the mapping from the PipelineResources
                                    declared in DeclaredPipelineResources to the input
                                    PipelineResources required by the Task.
                                  items:
                                    description: PipelineTaskInputResource maps the
                                      name of a declared PipelineResource input dependency
                                      in a Task to the resource in the Pipeline's
                                      DeclaredPipelineResources that should be used.
                                      This input may come from a previous task.
                                    properties:
                                      from:
                                        description: From is the list of PipelineTask
                                          names that the resource has to come from.
                                          (Implies an ordering in the execution graph.)
                                        items:
                                          type: string
                                        type: array
                                        x-kubernetes-list-type: atomic
                                      name:
                                        description: Name is the name of the PipelineResource
                                          as declared by the Task.
                                        type: string
                                      resource:
                                        description: Resource is the name of the DeclaredPipelineResource
                                          to use.
                                        type: string
                                    required:
                                    - name
                                    - resource
                                    type: object
                                  type: array
                                  x-kubernetes-list-type: atomic
                                outputs:
                                  description: Outputs holds the mapping from the
                                    PipelineResources declared in DeclaredPipelineResources
                                    to the input PipelineResources required by the
                                    Task.
                                  items:
                                    description: PipelineTaskOutputResource maps the
                                      name of a declared PipelineResource output dependency
                                      in a Task to the resource in the Pipeline's
                                      DeclaredPipelineResources that should be used.
                                    properties:
                                      name:
                                        description: Name is the name of the PipelineResource
                                          as declared by the Task.
                                        type: string
                                      resource:
                                        description: Resource is the name of the DeclaredPipelineResource
                                          to use.
                                        type: string
                                    required:
                                    - name
                                    - resource
                                    type: object
                                  type: array
                                  x-kubernetes-list-type: atomic
                              type: object
                            retries:
                              description: 'Retries represents how many times this
                                task should be retried in case of task failure: ConditionSucceeded
                                set to False'
                              type: integer
                            runAfter:
                              description: RunAfter is the list of PipelineTask names
                                that should be executed before this Task executes.
                                (Used to force a specific ordering in graph execution.)
                              items:
                                type: string
                              type: array
                            taskRef:
                              description: TaskRef is a reference to a task definition.
                              properties:
                                apiVersion:
                                  description: API version of the referent
                                  type: string
                                bundle:
                                  description: Bundle url reference to a Tekton Bundle.
                                  type: string
                                kind:
                                  description: TaskKind indicates the kind of the
                                    task, namespaced or cluster scoped.
                                  type: string
                                name:
                                  description: 'Name of the referent; More info: http://kubernetes.io/docs/user-guide/identifiers#names'
                                  type: string
                                resolver:
                                  description: Resolver is the name of the resolver
                                    that should perform resolution of the referenced
                                    Tekton resource, such as "git".
                                  type: string
                                resource:
                                  description: Resource contains the parameters used
                                    to identify the referenced Tekton resource. Example
                                    entries might include "repo" or "path" but the
                                    set of params ultimately depends on the chosen
                                    resolver.
                                  items:
                                    description: ResolverParam is a single parameter
                                      passed to a resolver.
                                    properties:
                                      name:
                                        description: Name is the name of the parameter
                                          that will be passed to the resolver.
                                        type: string
                                      value:
                                        description: Value is the string value of
                                          the parameter that will be passed to the
                                          resolver.
                                        type: string
                                    required:
                                    - name
                                    - value
                                    type: object
                                  type: array
                                  x-kubernetes-list-type: atomic
                              type: object
                            taskSpec:
                              description: TaskSpec is specification of a task
                              properties:
                                description:
                                  description: Description is a user-facing description
                                    of the task that may be used to populate a UI.
                                  type: string
                                inputs:
                                  description: Inputs is an optional set of parameters
                                    and resources which must be supplied by the user
                                    when a Task is executed by a TaskRun.
                                  properties:
                                    params:
                                      description: Params is a list of input parameters
                                        required to run the task. Params must be supplied
                                        as inputs in TaskRuns unless they declare
                                        a default value.
                                      items:
                                        description: ParamSpec defines arbitrary parameters
                                          needed beyond typed inputs (such as resources).
                                          Parameter values are provided by users as
                                          inputs on a TaskRun or PipelineRun.
                                        properties:
                                          default:
                                            description: Default is the value a parameter
                                              takes if no input value is supplied.
                                              If default is set, a Task may be executed
                                              without a supplied value for the parameter.
                                            properties:
                                              arrayVal:
                                                items:
                                                  type: string
                                                type: array
                                                x-kubernetes-list-type: atomic
                                              objectVal:
                                                additionalProperties:
                                                  type: string
                                                type: object
                                              stringVal:
                                                type: string
                                              type:
                                                description: ParamType indicates the
                                                  type of an input parameter; Used
                                                  to distinguish between a single
                                                  string and an array of strings.
                                                type: string
                                            required:
                                            - arrayVal
                                            - objectVal
                                            - stringVal
                                            - type
                                            type: object
                                          description:
                                            description: Description is a user-facing
                                              description of the parameter that may
                                              be used to populate a UI.
                                            type: string
                                          name:
                                            description: Name declares the name by
                                              which a parameter is referenced.
                                            type: string
                                          properties:
                                            additionalProperties:
                                              description: PropertySpec defines the
                                                struct for object keys
                                              properties:
                                                type:
                                                  description: ParamType indicates
                                                    the type of an input parameter;
                                                    Used to distinguish between a
                                                    single string and an array of
                                                    strings.
                                                  type: string
                                              type: object
                                            description: Properties is the JSON Schema
                                              properties to support key-value pairs
                                              parameter.
                                            type: object
                                          type:
                                            description: Type is the user-specified
                                              type of the parameter. The possible
                                              types are currently "string", "array"
                                              and "object", and "string" is the default.
                                            type: string
                                        required:
                                        - name
                                        type: object
                                      type: array
                                    resources:
                                      description: Resources is a list of the input
                                        resources required to run the task. Resources
                                        are represented in TaskRuns as bindings to
                                        instances of PipelineResources.
                                      items:
                                        description: TaskResource defines an input
                                          or output Resource declared as a requirement
                                          by a Task. The Name field will be used to
                                          refer to these Resources within the Task
                                          definition, and when provided as an Input,
                                          the Name will be the path to the volume
                                          mounted containing this Resource as an input
                                          (e.g. an input Resource named `workspace`
                                          will be mounted at `/workspace`).
                                        properties:
                                          description:
                                            description: Description is a user-facing
                                              description of the declared resource
                                              that may be used to populate a UI.
                                            type: string
                                          name:
                                            description: Name declares the name by
                                              which a resource is referenced in the
                                              definition. Resources may be referenced
                                              by name in the definition of a Task's
                                              steps.
                                            type: string
                                          optional:
                                            description: 'Optional declares the resource
                                              as optional. By default optional is
                                              set to false which makes a resource
                                              required. optional: true - the resource
                                              is considered optional optional: false
                                              - the resource is considered required
                                              (equivalent of not specifying it)'
                                            type: boolean
                                          targetPath:
                                            description: TargetPath is the path in
                                              workspace directory where the resource
                                              will be copied.
                                            type: string
                                          type:
                                            description: Type is the type of this
                                              resource;
                                            type: string
                                        required:
                                        - name
                                        - type
                                        type: object
                                      type: array
                                  type: object
                                outputs:
                                  description: Outputs is an optional set of resources
                                    and results produced when this Task is run.
                                  properties:
                                    resources:
                                      items:
                                        description: TaskResource defines an input
                                          or output Resource declared as a requirement
                                          by a Task. The Name field will be used to
                                          refer to these Resources within the Task
                                          definition, and when provided as an Input,
                                          the Name will be the path to the volume
                                          mounted containing this Resource as an input
                                          (e.g. an input Resource named `workspace`
                                          will be mounted at `/workspace`).
                                        properties:
                                          description:
                                            description: Description is a user-facing
                                              description of the declared resource
                                              that may be used to populate a UI.
                                            type: string
                                          name:
                                            description: Name declares the name by
                                              which a resource is referenced in the
                                              definition. Resources may be referenced
                                              by name in the definition of a Task's
                                              steps.
                                            type: string
                                          optional:
                                            description: 'Optional declares the resource
                                              as optional. By default optional is
                                              set to false which makes a resource
                                              required. optional: true - the resource
                                              is considered optional optional: false
                                              - the resource is considered required
                                              (equivalent of not specifying it)'
                                            type: boolean
                                          targetPath:
                                            description: TargetPath is the path in
                                              workspace directory where the resource
                                              will be copied.
                                            type: string
                                          type:
                                            description: Type is the type of this
                                              resource;
                                            type: string
                                        required:
                                        - name
                                        - type
                                        type: object
                                      type: array
                                    results:
                                      items:
                                        description: TestResult allows a task to specify
                                          the location where test logs can be found
                                          and what format they will be in.
                                        properties:
                                          format:
                                            description: 'TODO: maybe this is an enum
                                              with types like "go test", "junit",
                                              etc.'
                                            type: string
                                          name:
                                            description: Name declares the name by
                                              which a result is referenced in the
                                              Task's definition. Results may be referenced
                                              by name in the definition of a Task's
                                              steps.
                                            type: string
                                          path:
                                            type: string
                                        required:
                                        - format
                                        - name
                                        - path
                                        type: object
                                      type: array
                                  type: object
                                params:
                                  description: Params is a list of input parameters
                                    required to run the task. Params must be supplied
                                    as inputs in TaskRuns unless they declare a default
                                    value.
                                  items:
                                    description: ParamSpec defines arbitrary parameters
                                      needed beyond typed inputs (such as resources).
                                      Parameter values are provided by users as inputs
                                      on a TaskRun or PipelineRun.
                                    properties:
                                      default:
                                        description: Default is the value a parameter
                                          takes if no input value is supplied. If
                                          default is set, a Task may be executed without
                                          a supplied value for the parameter.
                                        properties:
                                          arrayVal:
                                            items:
                                              type: string
                                            type: array
                                            x-kubernetes-list-type: atomic
                                          objectVal:
                                            additionalProperties:
                                              type: string
                                            type: object
                                          stringVal:
                                            type: string
                                          type:
                                            description: ParamType indicates the type
                                              of an input parameter; Used to distinguish
                                              between a single string and an array
                                              of strings.
                                            type: string
                                        required:
                                        - arrayVal
                                        - objectVal
                                        - stringVal
                                        - type
                                        type: object
                                      description:
                                        description: Description is a user-facing
                                          description of the parameter that may be
                                          used to populate a UI.
                                        type: string
                                      name:
                                        description: Name declares the name by which
                                          a parameter is referenced.
                                        type: string
                                      properties:
                                        additionalProperties:
                                          description: PropertySpec defines the struct
                                            for object keys
                                          properties:
                                            type:
                                              description: ParamType indicates the
                                                type of an input parameter; Used to
                                                distinguish between a single string
                                                and an array of strings.
                                              type: string
                                          type: object
                                        description: Properties is the JSON Schema
                                          properties to support key-value pairs parameter.
                                        type: object
                                      type:
                                        description: Type is the user-specified type
                                          of the parameter. The possible types are
                                          currently "string", "array" and "object",
                                          and "string" is the default.
                                        type: string
                                    required:
                                    - name
                                    type: object
                                  type: array
                                  x-kubernetes-list-type: atomic
                                resources:
                                  description: Resources is a list input and output
                                    resource to run the task Resources are represented
                                    in TaskRuns as bindings to instances of PipelineResources.
                                  properties:
                                    inputs:
                                      description: Inputs holds the mapping from the
                                        PipelineResources declared in DeclaredPipelineResources
                                        to the input PipelineResources required by
                                        the Task.
                                      items:
                                        description: TaskResource defines an input
                                          or output Resource declared as a requirement
                                          by a Task. The Name field will be used to
                                          refer to these Resources within the Task
                                          definition, and when provided as an Input,
                                          the Name will be the path to the volume
                                          mounted containing this Resource as an input
                                          (e.g. an input Resource named `workspace`
                                          will be mounted at `/workspace`).
                                        properties:
                                          description:
                                            description: Description is a user-facing
                                              description of the declared resource
                                              that may be used to populate a UI.
                                            type: string
                                          name:
                                            description: Name declares the name by
                                              which a resource is referenced in the
                                              definition. Resources may be referenced
                                              by name in the definition of a Task's
                                              steps.
                                            type: string
                                          optional:
                                            description: 'Optional declares the resource
                                              as optional. By default optional is
                                              set to false which makes a resource
                                              required. optional: true - the resource
                                              is considered optional optional: false
                                              - the resource is considered required
                                              (equivalent of not specifying it)'
                                            type: boolean
                                          targetPath:
                                            description: TargetPath is the path in
                                              workspace directory where the resource
                                              will be copied.
                                            type: string
                                          type:
                                            description: Type is the type of this
                                              resource;
                                            type: string
                                        required:
                                        - name
                                        - type
                                        type: object
                                      type: array
                                      x-kubernetes-list-type: atomic
                                    outputs:
                                      description: Outputs holds the mapping from
                                        the PipelineResources declared in DeclaredPipelineResources
                                        to the input PipelineResources required by
                                        the Task.
                                      items:
                                        description: TaskResource defines an input
                                          or output Resource declared as a requirement
                                          by a Task. The Name field will be used to
                                          refer to these Resources within the Task
                                          definition, and when provided as an Input,
                                          the Name will be the path to the volume
                                          mounted containing this Resource as an input
                                          (e.g. an input Resource named `workspace`
                                          will be mounted at `/workspace`).
                                        properties:
                                          description:
                                            description: Description is a user-facing
                                              description of the declared resource
                                              that may be used to populate a UI.
                                            type: string
                                          name:
                                            description: Name declares the name by
                                              which a resource is referenced in the
                                              definition. Resources may be referenced
                                              by name in the definition of a Task's
                                              steps.
                                            type: string
                                          optional:
                                            description: 'Optional declares the resource
                                              as optional. By default optional is
                                              set to false which makes a resource
                                              required. optional: true - the resource
                                              is considered optional optional: false
                                              - the resource is considered required
                                              (equivalent of not specifying it)'
                                            type: boolean
                                          targetPath:
                                            description: TargetPath is the path in
                                              workspace directory where the resource
                                              will be copied.
                                            type: string
                                          type:
                                            description: Type is the type of this
                                              resource;
                                            type: string
                                        required:
                                        - name
                                        - type
                                        type: object
                                      type: array
                                      x-kubernetes-list-type: atomic
                                  type: object
                                results:
                                  description: Results are values that this Task can
                                    output
                                  items:
                                    description: TaskResult used to describe the results
                                      of a task
                                    properties:
                                      description:
                                        description: Description is a human-readable
                                          description of the result
                                        type: string
                                      name:
                                        description: Name the given name
                                        type: string
                                      type:
                                        description: Type is the user-specified type
                                          of the result. The possible type is currently
                                          "string" and will support "array" in following
                                          work.
                                        type: string
                                    required:
                                    - name
                                    type: object
                                  type: array
                                  x-kubernetes-list-type: atomic
                                sidecars:
                                  description: Sidecars are run alongside the Task's
                                    step containers. They begin before the steps start
                                    and end after the steps complete.
                                  items:
                                    description: Sidecar has nearly the same data
                                      structure as Step but does not have the ability
                                      to timeout.
                                    properties:
                                      args:
                                        description: 'Arguments to the entrypoint.
                                          The docker image''s CMD is used if this
                                          is not provided. Variable references $(VAR_NAME)
                                          are expanded using the container''s environment.
                                          If a variable cannot be resolved, the reference
                                          in the input string will be unchanged. Double
                                          $$ are reduced to a single $, which allows
                                          for escaping the $(VAR_NAME) syntax: i.e.
                                          "$$(VAR_NAME)" will produce the string literal
                                          "$(VAR_NAME)". Escaped references will never
                                          be expanded, regardless of whether the variable
                                          exists or not. Cannot be updated. More info:
                                          https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell'
                                        items:
                                          type: string
                                        type: array
                                        x-kubernetes-list-type: atomic
                                      command:
                                        description: 'Entrypoint array. Not executed
                                          within a shell. The docker image''s ENTRYPOINT
                                          is used if this is not provided. Variable
                                          references $(VAR_NAME) are expanded using
                                          the container''s environment. If a variable
                                          cannot be resolved, the reference in the
                                          input string will be unchanged. Double $$
                                          are reduced to a single $, which allows
                                          for escaping the $(VAR_NAME) syntax: i.e.
                                          "$$(VAR_NAME)" will produce the string literal
                                          "$(VAR_NAME)". Escaped references will never
                                          be expanded, regardless of whether the variable
                                          exists or not. Cannot be updated. More info:
                                          https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell'
                                        items:
                                          type: string
                                        type: array
                                        x-kubernetes-list-type: atomic
                                      env:
                                        description: List of environment variables
                                          to set in the container. Cannot be updated.
                                        items:
                                          description: EnvVar represents an environment
                                            variable present in a Container.
                                          properties:
                                            name:
                                              description: Name of the environment
                                                variable. Must be a C_IDENTIFIER.
                                              type: string
                                            value:
                                              description: 'Variable references $(VAR_NAME)
                                                are expanded using the previously
                                                defined environment variables in the
                                                container and any service environment
                                                variables. If a variable cannot be
                                                resolved, the reference in the input
                                                string will be unchanged. Double $$
                                                are reduced to a single $, which allows
                                                for escaping the $(VAR_NAME) syntax:
                                                i.e. "$$(VAR_NAME)" will produce the
                                                string literal "$(VAR_NAME)". Escaped
                                                references will never be expanded,
                                                regardless of whether the variable
                                                exists or not. Defaults to "".'
                                              type: string
                                            valueFrom:
                                              description: Source for the environment
                                                variable's value. Cannot be used if
                                                value is not empty.
                                              properties:
                                                configMapKeyRef:
                                                  description: Selects a key of a
                                                    ConfigMap.
                                                  properties:
                                                    key:
                                                      description: The key to select.
                                                      type: string
                                                    name:
                                                      description: 'Name of the referent.
                                                        More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                                        TODO: Add other useful fields.
                                                        apiVersion, kind, uid?'
                                                      type: string
                                                    optional:
                                                      description: Specify whether
                                                        the ConfigMap or its key must
                                                        be defined
                                                      type: boolean
                                                  required:
                                                  - key
                                                  type: object
                                                fieldRef:
                                                  description: 'Selects a field of
                                                    the pod: supports metadata.name,
                                                    metadata.namespace, `metadata.labels[''<KEY>'']`,
                                                    `metadata.annotations[''<KEY>'']`,
                                                    spec.nodeName, spec.serviceAccountName,
                                                    status.hostIP, status.podIP, status.podIPs.'
                                                  properties:
                                                    apiVersion:
                                                      description: Version of the
                                                        schema the FieldPath is written
                                                        in terms of, defaults to "v1".
                                                      type: string
                                                    fieldPath:
                                                      description: Path of the field
                                                        to select in the specified
                                                        API version.
                                                      type: string
                                                  required:
                                                  - fieldPath
                                                  type: object
                                                resourceFieldRef:
                                                  description: 'Selects a resource
                                                    of the container: only resources
                                                    limits and requests (limits.cpu,
                                                    limits.memory, limits.ephemeral-storage,
                                                    requests.cpu, requests.memory
                                                    and requests.ephemeral-storage)
                                                    are currently supported.'
                                                  properties:
                                                    containerName:
                                                      description: 'Container name:
                                                        required for volumes, optional
                                                        for env vars'
                                                      type: string
                                                    divisor:
                                                      anyOf:
                                                      - type: integer
                                                      - type: string
                                                      description: Specifies the output
                                                        format of the exposed resources,
                                                        defaults to "1"
                                                      pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                                                      x-kubernetes-int-or-string: true
                                                    resource:
                                                      description: 'Required: resource
                                                        to select'
                                                      type: string
                                                  required:
                                                  - resource
                                                  type: object
                                                secretKeyRef:
                                                  description: Selects a key of a
                                                    secret in the pod's namespace
                                                  properties:
                                                    key:
                                                      description: The key of the
                                                        secret to select from.  Must
                                                        be a valid secret key.
                                                      type: string
                                                    name:
                                                      description: 'Name of the referent.
                                                        More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                                        TODO: Add other useful fields.
                                                        apiVersion, kind, uid?'
                                                      type: string
                                                    optional:
                                                      description: Specify whether
                                                        the Secret or its key must
                                                        be defined
                                                      type: boolean
                                                  required:
                                                  - key
                                                  type: object
                                              type: object
                                          required:
                                          - name
                                          type: object
                                        type: array
                                        x-kubernetes-list-type: atomic
                                      envFrom:
                                        description: List of sources to populate environment
                                          variables in the container. The keys defined
                                          within a source must be a C_IDENTIFIER.
                                          All invalid keys will be reported as an
                                          event when the container is starting. When
                                          a key exists in multiple sources, the value
                                          associated with the last source will take
                                          precedence. Values defined by an Env with
                                          a duplicate key will take precedence. Cannot
                                          be updated.
                                        items:
                                          description: EnvFromSource represents the
                                            source of a set of ConfigMaps
                                          properties:
                                            configMapRef:
                                              description: The ConfigMap to select
                                                from
                                              properties:
                                                name:
                                                  description: 'Name of the referent.
                                                    More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                                    TODO: Add other useful fields.
                                                    apiVersion, kind, uid?'
                                                  type: string
                                                optional:
                                                  description: Specify whether the
                                                    ConfigMap must be defined
                                                  type: boolean
                                              type: object
                                            prefix:
                                              description: An optional identifier
                                                to prepend to each key in the ConfigMap.
                                                Must be a C_IDENTIFIER.
                                              type: string
                                            secretRef:
                                              description: The Secret to select from
                                              properties:
                                                name:
                                                  description: 'Name of the referent.
                                                    More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                                    TODO: Add other useful fields.
                                                    apiVersion, kind, uid?'
                                                  type: string
                                                optional:
                                                  description: Specify whether the
                                                    Secret must be defined
                                                  type: boolean
                                              type: object
                                          type: object
                                        type: array
                                        x-kubernetes-list-type: atomic
                                      image:
                                        description: 'Docker image name. More info:
                                          https://kubernetes.io/docs/concepts/containers/images
                                          This field is optional to allow higher level
                                          config management to default or override
                                          container images in workload controllers
                                          like Deployments and StatefulSets.'
                                        type: string
                                      imagePullPolicy:
                                        description: 'Image pull policy. One of Always,
                                          Never, IfNotPresent. Defaults to Always
                                          if :latest tag is specified, or IfNotPresent
                                          otherwise. Cannot be updated. More info:
                                          https://kubernetes.io/docs/concepts/containers/images#updating-images'
                                        type: string
                                      lifecycle:
                                        description: Actions that the management system
                                          should take in response to container lifecycle
                                          events. Cannot be updated.
                                        properties:
                                          postStart:
                                            description: 'PostStart is called immediately
                                              after a container is created. If the
                                              handler fails, the container is terminated
                                              and restarted according to its restart
                                              policy. Other management of the container
                                              blocks until the hook completes. More
                                              info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks'
                                            properties:
                                              exec:
                                                description: Exec specifies the action
                                                  to take.
                                                properties:
                                                  command:
                                                    description: Command is the command
                                                      line to execute inside the container,
                                                      the working directory for the
                                                      command  is root ('/') in the
                                                      container's filesystem. The
                                                      command is simply exec'd, it
                                                      is not run inside a shell, so
                                                      traditional shell instructions
                                                      ('|', etc) won't work. To use
                                                      a shell, you need to explicitly
                                                      call out to that shell. Exit
                                                      status of 0 is treated as live/healthy
                                                      and non-zero is unhealthy.
                                                    items:
                                                      type: string
                                                    type: array
                                                type: object
                                              httpGet:
                                                description: HTTPGet specifies the
                                                  http request to perform.
                                                properties:
                                                  host:
                                                    description: Host name to connect
                                                      to, defaults to the pod IP.
                                                      You probably want to set "Host"
                                                      in httpHeaders instead.
                                                    type: string
                                                  httpHeaders:
                                                    description: Custom headers to
                                                      set in the request. HTTP allows
                                                      repeated headers.
                                                    items:
                                                      description: HTTPHeader describes
                                                        a custom header to be used
                                                        in HTTP probes
                                                      properties:
                                                        name:
                                                          description: The header
                                                            field name
                                                          type: string
                                                        value:
                                                          description: The header
                                                            field value
                                                          type: string
                                                      required:
                                                      - name
                                                      - value
                                                      type: object
                                                    type: array
                                                  path:
                                                    description: Path to access on
                                                      the HTTP server.
                                                    type: string
                                                  port:
                                                    anyOf:
                                                    - type: integer
                                                    - type: string
                                                    description: Name or number of
                                                      the port to access on the container.
                                                      Number must be in the range
                                                      1 to 65535. Name must be an
                                                      IANA_SVC_NAME.
                                                    x-kubernetes-int-or-string: true
                                                  scheme:
                                                    description: Scheme to use for
                                                      connecting to the host. Defaults
                                                      to HTTP.
                                                    type: string
                                                required:
                                                - port
                                                type: object
                                              tcpSocket:
                                                description: Deprecated. TCPSocket
                                                  is NOT supported as a LifecycleHandler
                                                  and kept for the backward compatibility.
                                                  There are no validation of this
                                                  field and lifecycle hooks will fail
                                                  in runtime when tcp handler is specified.
                                                properties:
                                                  host:
                                                    description: 'Optional: Host name
                                                      to connect to, defaults to the
                                                      pod IP.'
                                                    type: string
                                                  port:
                                                    anyOf:
                                                    - type: integer
                                                    - type: string
                                                    description: Number or name of
                                                      the port to access on the container.
                                                      Number must be in the range
                                                      1 to 65535. Name must be an
                                                      IANA_SVC_NAME.
                                                    x-kubernetes-int-or-string: true
                                                required:
                                                - port
                                                type: object
                                            type: object
                                          preStop:
                                            description: 'PreStop is called immediately
                                              before a container is terminated due
                                              to an API request or management event
                                              such as liveness/startup probe failure,
                                              preemption, resource contention, etc.
                                              The handler is not called if the container
                                              crashes or exits. The Pod''s termination
                                              grace period countdown begins before
                                              the PreStop hook is executed. Regardless
                                              of the outcome of the handler, the container
                                              will eventually terminate within the
                                              Pod''s termination grace period (unless
                                              delayed by finalizers). Other management
                                              of the container blocks until the hook
                                              completes or until the termination grace
                                              period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks'
                                            properties:
                                              exec:
                                                description: Exec specifies the action
                                                  to take.
                                                properties:
                                                  command:
                                                    description: Command is the command
                                                      line to execute inside the container,
                                                      the working directory for the
                                                      command  is root ('/') in the
                                                      container's filesystem. The
                                                      command is simply exec'd, it
                                                      is not run inside a shell, so
                                                      traditional shell instructions
                                                      ('|', etc) won't work. To use
                                                      a shell, you need to explicitly
                                                      call out to that shell. Exit
                                                      status of 0 is treated as live/healthy
                                                      and non-zero is unhealthy.
                                                    items:
                                                      type: string
                                                    type: array
                                                type: object
                                              httpGet:
                                                description: HTTPGet specifies the
                                                  http request to perform.
                                                properties:
                                                  host:
                                                    description: Host name to connect
                                                      to, defaults to the pod IP.
                                                      You probably want to set "Host"
                                                      in httpHeaders instead.
                                                    type: string
                                                  httpHeaders:
                                                    description: Custom headers to
                                                      set in the request. HTTP allows
                                                      repeated headers.
                                                    items:
                                                      description: HTTPHeader describes
                                                        a custom header to be used
                                                        in HTTP probes
                                                      properties:
                                                        name:
                                                          description: The header
                                                            field name
                                                          type: string
                                                        value:
                                                          description: The header
                                                            field value
                                                          type: string
                                                      required:
                                                      - name
                                                      - value
                                                      type: object
                                                    type: array
                                                  path:
                                                    description: Path to access on
                                                      the HTTP server.
                                                    type: string
                                                  port:
                                                    anyOf:
                                                    - type: integer
                                                    - type: string
                                                    description: Name or number of
                                                      the port to access on the container.
                                                      Number must be in the range
                                                      1 to 65535. Name must be an
                                                      IANA_SVC_NAME.
                                                    x-kubernetes-int-or-string: true
                                                  scheme:
                                                    description: Scheme to use for
                                                      connecting to the host. Defaults
                                                      to HTTP.
                                                    type: string
                                                required:
                                                - port
                                                type: object
                                              tcpSocket:
                                                description: Deprecated. TCPSocket
                                                  is NOT supported as a LifecycleHandler
                                                  and kept for the backward compatibility.
                                                  There are no validation of this
                                                  field and lifecycle hooks will fail
                                                  in runtime when tcp handler is specified.
                                                properties:
                                                  host:
                                                    description: 'Optional: Host name
                                                      to connect to, defaults to the
                                                      pod IP.'
                                                    type: string
                                                  port:
                                                    anyOf:
                                                    - type: integer
                                                    - type: string
                                                    description: Number or name of
                                                      the port to access on the container.
                                                      Number must be in the range
                                                      1 to 65535. Name must be an
                                                      IANA_SVC_NAME.
                                                    x-kubernetes-int-or-string: true
                                                required:
                                                - port
                                                type: object
                                            type: object
                                        type: object
                                      livenessProbe:
                                        description: 'Periodic probe of container
                                          liveness. Container will be restarted if
                                          the probe fails. Cannot be updated. More
                                          info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
                                        properties:
                                          exec:
                                            description: Exec specifies the action
                                              to take.
                                            properties:
                                              command:
                                                description: Command is the command
                                                  line to execute inside the container,
                                                  the working directory for the command  is
                                                  root ('/') in the container's filesystem.
                                                  The command is simply exec'd, it
                                                  is not run inside a shell, so traditional
                                                  shell instructions ('|', etc) won't
                                                  work. To use a shell, you need to
                                                  explicitly call out to that shell.
                                                  Exit status of 0 is treated as live/healthy
                                                  and non-zero is unhealthy.
                                                items:
                                                  type: string
                                                type: array
                                            type: object
                                          failureThreshold:
                                            description: Minimum consecutive failures
                                              for the probe to be considered failed
                                              after having succeeded. Defaults to
                                              3. Minimum value is 1.
                                            format: int32
                                            type: integer
                                          grpc:
                                            description: GRPC specifies an action
                                              involving a GRPC port. This is a beta
                                              field and requires enabling GRPCContainerProbe
                                              feature gate.
                                            properties:
                                              port:
                                                description: Port number of the gRPC
                                                  service. Number must be in the range
                                                  1 to 65535.
                                                format: int32
                                                type: integer
                                              service:
                                                description: "Service is the name
                                                  of the service to place in the gRPC
                                                  HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
                                                  \n If this is not specified, the
                                                  default behavior is defined by gRPC."
                                                type: string
                                            required:
                                            - port
                                            type: object
                                          httpGet:
                                            description: HTTPGet specifies the http
                                              request to perform.
                                            properties:
                                              host:
                                                description: Host name to connect
                                                  to, defaults to the pod IP. You
                                                  probably want to set "Host" in httpHeaders
                                                  instead.
                                                type: string
                                              httpHeaders:
                                                description: Custom headers to set
                                                  in the request. HTTP allows repeated
                                                  headers.
                                                items:
                                                  description: HTTPHeader describes
                                                    a custom header to be used in
                                                    HTTP probes
                                                  properties:
                                                    name:
                                                      description: The header field
                                                        name
                                                      type: string
                                                    value:
                                                      description: The header field
                                                        value
                                                      type: string
                                                  required:
                                                  - name
                                                  - value
                                                  type: object
                                                type: array
                                              path:
                                                description: Path to access on the
                                                  HTTP server.
                                                type: string
                                              port:
                                                anyOf:
                                                - type: integer
                                                - type: string
                                                description: Name or number of the
                                                  port to access on the container.
                                                  Number must be in the range 1 to
                                                  65535. Name must be an IANA_SVC_NAME.
                                                x-kubernetes-int-or-string: true
                                              scheme:
                                                description: Scheme to use for connecting
                                                  to the host. Defaults to HTTP.
                                                type: string
                                            required:
                                            - port
                                            type: object
                                          initialDelaySeconds:
                                            description: 'Number of seconds after
                                              the container has started before liveness
                                              probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
                                            format: int32
                                            type: integer
                                          periodSeconds:
                                            description: How often (in seconds) to
                                              perform the probe. Default to 10 seconds.
                                              Minimum value is 1.
                                            format: int32
                                            type: integer
                                          successThreshold:
                                            description: Minimum consecutive successes
                                              for the probe to be considered successful
                                              after having failed. Defaults to 1.
                                              Must be 1 for liveness and startup.
                                              Minimum value is 1.
                                            format: int32
                                            type: integer
                                          tcpSocket:
                                            description: TCPSocket specifies an action
                                              involving a TCP port.
                                            properties:
                                              host:
                                                description: 'Optional: Host name
                                                  to connect to, defaults to the pod
                                                  IP.'
                                                type: string
                                              port:
                                                anyOf:
                                                - type: integer
                                                - type: string
                                                description: Number or name of the
                                                  port to access on the container.
                                                  Number must be in the range 1 to
                                                  65535. Name must be an IANA_SVC_NAME.
                                                x-kubernetes-int-or-string: true
                                            required:
                                            - port
                                            type: object
                                          terminationGracePeriodSeconds:
                                            description: Optional duration in seconds
                                              the pod needs to terminate gracefully
                                              upon probe failure. The grace period
                                              is the duration in seconds after the
                                              processes running in the pod are sent
                                              a termination signal and the time when
                                              the processes are forcibly halted with
                                              a kill signal. Set this value longer
                                              than the expected cleanup time for your
                                              process. If this value is nil, the pod's
                                              terminationGracePeriodSeconds will be
                                              used. Otherwise, this value overrides
                                              the value provided by the pod spec.
                                              Value must be non-negative integer.
                                              The value zero indicates stop immediately
                                              via the kill signal (no opportunity
                                              to shut down). This is a beta field
                                              and requires enabling ProbeTerminationGracePeriod
                                              feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds
                                              is used if unset.
                                            format: int64
                                            type: integer
                                          timeoutSeconds:
                                            description: 'Number of seconds after
                                              which the probe times out. Defaults
                                              to 1 second. Minimum value is 1. More
                                              info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
                                            format: int32
                                            type: integer
                                        type: object
                                      name:
                                        description: Name of the container specified
                                          as a DNS_LABEL. Each container in a pod
                                          must have a unique name (DNS_LABEL). Cannot
                                          be updated.
                                        type: string
                                      ports:
                                        description: List of ports to expose from
                                          the container. Exposing a port here gives
                                          the system additional information about
                                          the network connections a container uses,
                                          but is primarily informational. Not specifying
                                          a port here DOES NOT prevent that port from
                                          being exposed. Any port which is listening
                                          on the default "0.0.0.0" address inside
                                          a container will be accessible from the
                                          network. Cannot be updated.
                                        items:
                                          description: ContainerPort represents a
                                            network port in a single container.
                                          properties:
                                            containerPort:
                                              description: Number of port to expose
                                                on the pod's IP address. This must
                                                be a valid port number, 0 < x < 65536.
                                              format: int32
                                              type: integer
                                            hostIP:
                                              description: What host IP to bind the
                                                external port to.
                                              type: string
                                            hostPort:
                                              description: Number of port to expose
                                                on the host. If specified, this must
                                                be a valid port number, 0 < x < 65536.
                                                If HostNetwork is specified, this
                                                must match ContainerPort. Most containers
                                                do not need this.
                                              format: int32
                                              type: integer
                                            name:
                                              description: If specified, this must
                                                be an IANA_SVC_NAME and unique within
                                                the pod. Each named port in a pod
                                                must have a unique name. Name for
                                                the port that can be referred to by
                                                services.
                                              type: string
                                            protocol:
                                              default: TCP
                                              description: Protocol for port. Must
                                                be UDP, TCP, or SCTP. Defaults to
                                                "TCP".
                                              type: string
                                          required:
                                          - containerPort
                                          type: object
                                        type: array
                                        x-kubernetes-list-map-keys:
                                        - containerPort
                                        - protocol
                                        x-kubernetes-list-type: map
                                      readinessProbe:
                                        description: 'Periodic probe of container
                                          service readiness. Container will be removed
                                          from service endpoints if the probe fails.
                                          Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
                                        properties:
                                          exec:
                                            description: Exec specifies the action
                                              to take.
                                            properties:
                                              command:
                                                description: Command is the command
                                                  line to execute inside the container,
                                                  the working directory for the command  is
                                                  root ('/') in the container's filesystem.
                                                  The command is simply exec'd, it
                                                  is not run inside a shell, so traditional
                                                  shell instructions ('|', etc) won't
                                                  work. To use a shell, you need to
                                                  explicitly call out to that shell.
                                                  Exit status of 0 is treated as live/healthy
                                                  and non-zero is unhealthy.
                                                items:
                                                  type: string
                                                type: array
                                            type: object
                                          failureThreshold:
                                            description: Minimum consecutive failures
                                              for the probe to be considered failed
                                              after having succeeded. Defaults to
                                              3. Minimum value is 1.
                                            format: int32
                                            type: integer
                                          grpc:
                                            description: GRPC specifies an action
                                              involving a GRPC port. This is a beta
                                              field and requires enabling GRPCContainerProbe
                                              feature gate.
                                            properties:
                                              port:
                                                description: Port number of the gRPC
                                                  service. Number must be in the range
                                                  1 to 65535.
                                                format: int32
                                                type: integer
                                              service:
                                                description: "Service is the name
                                                  of the service to place in the gRPC
                                                  HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
                                                  \n If this is not specified, the
                                                  default behavior is defined by gRPC."
                                                type: string
                                            required:
                                            - port
                                            type: object
                                          httpGet:
                                            description: HTTPGet specifies the http
                                              request to perform.
                                            properties:
                                              host:
                                                description: Host name to connect
                                                  to, defaults to the pod IP. You
                                                  probably want to set "Host" in httpHeaders
                                                  instead.
                                                type: string
                                              httpHeaders:
                                                description: Custom headers to set
                                                  in the request. HTTP allows repeated
                                                  headers.
                                                items:
                                                  description: HTTPHeader describes
                                                    a custom header to be used in
                                                    HTTP probes
                                                  properties:
                                                    name:
                                                      description: The header field
                                                        name
                                                      type: string
                                                    value:
                                                      description: The header field
                                                        value
                                                      type: string
                                                  required:
                                                  - name
                                                  - value
                                                  type: object
                                                type: array
                                              path:
                                                description: Path to access on the
                                                  HTTP server.
                                                type: string
                                              port:
                                                anyOf:
                                                - type: integer
                                                - type: string
                                                description: Name or number of the
                                                  port to access on the container.
                                                  Number must be in the range 1 to
                                                  65535. Name must be an IANA_SVC_NAME.
                                                x-kubernetes-int-or-string: true
                                              scheme:
                                                description: Scheme to use for connecting
                                                  to the host. Defaults to HTTP.
                                                type: string
                                            required:
                                            - port
                                            type: object
                                          initialDelaySeconds:
                                            description: 'Number of seconds after
                                              the container has started before liveness
                                              probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
                                            format: int32
                                            type: integer
                                          periodSeconds:
                                            description: How often (in seconds) to
                                              perform the probe. Default to 10 seconds.
                                              Minimum value is 1.
                                            format: int32
                                            type: integer
                                          successThreshold:
                                            description: Minimum consecutive successes
                                              for the probe to be considered successful
                                              after having failed. Defaults to 1.
                                              Must be 1 for liveness and startup.
                                              Minimum value is 1.
                                            format: int32
                                            type: integer
                                          tcpSocket:
                                            description: TCPSocket specifies an action
                                              involving a TCP port.
                                            properties:
                                              host:
                                                description: 'Optional: Host name
                                                  to connect to, defaults to the pod
                                                  IP.'
                                                type: string
                                              port:
                                                anyOf:
                                                - type: integer
                                                - type: string
                                                description: Number or name of the
                                                  port to access on the container.
                                                  Number must be in the range 1 to
                                                  65535. Name must be an IANA_SVC_NAME.
                                                x-kubernetes-int-or-string: true
                                            required:
                                            - port
                                            type: object
                                          terminationGracePeriodSeconds:
                                            description: Optional duration in seconds
                                              the pod needs to terminate gracefully
                                              upon probe failure. The grace period
                                              is the duration in seconds after the
                                              processes running in the pod are sent
                                              a termination signal and the time when
                                              the processes are forcibly halted with
                                              a kill signal. Set this value longer
                                              than the expected cleanup time for your
                                              process. If this value is nil, the pod's
                                              terminationGracePeriodSeconds will be
                                              used. Otherwise, this value overrides
                                              the value provided by the pod spec.
                                              Value must be non-negative integer.
                                              The value zero indicates stop immediately
                                              via the kill signal (no opportunity
                                              to shut down). This is a beta field
                                              and requires enabling ProbeTerminationGracePeriod
                                              feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds
                                              is used if unset.
                                            format: int64
                                            type: integer
                                          timeoutSeconds:
                                            description: 'Number of seconds after
                                              which the probe times out. Defaults
                                              to 1 second. Minimum value is 1. More
                                              info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
                                            format: int32
                                            type: integer
                                        type: object
                                      resources:
                                        description: 'Compute Resources required by
                                          this container. Cannot be updated. More
                                          info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
                                        properties:
                                          limits:
                                            additionalProperties:
                                              anyOf:
                                              - type: integer
                                              - type: string
                                              pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                                              x-kubernetes-int-or-string: true
                                            description: 'Limits describes the maximum
                                              amount of compute resources allowed.
                                              More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
                                            type: object
                                          requests:
                                            additionalProperties:
                                              anyOf:
                                              - type: integer
                                              - type: string
                                              pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                                              x-kubernetes-int-or-string: true
                                            description: 'Requests describes the minimum
                                              amount of compute resources required.
                                              If Requests is omitted for a container,
                                              it defaults to Limits if that is explicitly
                                              specified, otherwise to an implementation-defined
                                              value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
                                            type: object
                                        type: object
                                      script:
                                        description: "Script is the contents of an
                                          executable file to execute. \n If Script
                                          is not empty, the Step cannot have an Command
                                          or Args."
                                        type: string
                                      securityContext:
                                        description: 'SecurityContext defines the
                                          security options the container should be
                                          run with. If set, the fields of SecurityContext
                                          override the equivalent fields of PodSecurityContext.
                                          More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/'
                                        properties:
                                          allowPrivilegeEscalation:
                                            description: 'AllowPrivilegeEscalation
                                              controls whether a process can gain
                                              more privileges than its parent process.
                                              This bool directly controls if the no_new_privs
                                              flag will be set on the container process.
                                              AllowPrivilegeEscalation is true always
                                              when the container is: 1) run as Privileged
                                              2) has CAP_SYS_ADMIN Note that this
                                              field cannot be set when spec.os.name
                                              is windows.'
                                            type: boolean
                                          capabilities:
                                            description: The capabilities to add/drop
                                              when running containers. Defaults to
                                              the default set of capabilities granted
                                              by the container runtime. Note that
                                              this field cannot be set when spec.os.name
                                              is windows.
                                            properties:
                                              add:
                                                description: Added capabilities
                                                items:
                                                  description: Capability represent
                                                    POSIX capabilities type
                                                  type: string
                                                type: array
                                              drop:
                                                description: Removed capabilities
                                                items:
                                                  description: Capability represent
                                                    POSIX capabilities type
                                                  type: string
                                                type: array
                                            type: object
                                          privileged:
                                            description: Run container in privileged
                                              mode. Processes in privileged containers
                                              are essentially equivalent to root on
                                              the host. Defaults to false. Note that
                                              this field cannot be set when spec.os.name
                                              is windows.
                                            type: boolean
                                          procMount:
                                            description: procMount denotes the type
                                              of proc mount to use for the containers.
                                              The default is DefaultProcMount which
                                              uses the container runtime defaults
                                              for readonly paths and masked paths.
                                              This requires the ProcMountType feature
                                              flag to be enabled. Note that this field
                                              cannot be set when spec.os.name is windows.
                                            type: string
                                          readOnlyRootFilesystem:
                                            description: Whether this container has
                                              a read-only root filesystem. Default
                                              is false. Note that this field cannot
                                              be set when spec.os.name is windows.
                                            type: boolean
                                          runAsGroup:
                                            description: The GID to run the entrypoint
                                              of the container process. Uses runtime
                                              default if unset. May also be set in
                                              PodSecurityContext.  If set in both
                                              SecurityContext and PodSecurityContext,
                                              the value specified in SecurityContext
                                              takes precedence. Note that this field
                                              cannot be set when spec.os.name is windows.
                                            format: int64
                                            type: integer
                                          runAsNonRoot:
                                            description: Indicates that the container
                                              must run as a non-root user. If true,
                                              the Kubelet will validate the image
                                              at runtime to ensure that it does not
                                              run as UID 0 (root) and fail to start
                                              the container if it does. If unset or
                                              false, no such validation will be performed.
                                              May also be set in PodSecurityContext.  If
                                              set in both SecurityContext and PodSecurityContext,
                                              the value specified in SecurityContext
                                              takes precedence.
                                            type: boolean
                                          runAsUser:
                                            description: The UID to run the entrypoint
                                              of the container process. Defaults to
                                              user specified in image metadata if
                                              unspecified. May also be set in PodSecurityContext.  If
                                              set in both SecurityContext and PodSecurityContext,
                                              the value specified in SecurityContext
                                              takes precedence. Note that this field
                                              cannot be set when spec.os.name is windows.
                                            format: int64
                                            type: integer
                                          seLinuxOptions:
                                            description: The SELinux context to be
                                              applied to the container. If unspecified,
                                              the container runtime will allocate
                                              a random SELinux context for each container.  May
                                              also be set in PodSecurityContext.  If
                                              set in both SecurityContext and PodSecurityContext,
                                              the value specified in SecurityContext
                                              takes precedence. Note that this field
                                              cannot be set when spec.os.name is windows.
                                            properties:
                                              level:
                                                description: Level is SELinux level
                                                  label that applies to the container.
                                                type: string
                                              role:
                                                description: Role is a SELinux role
                                                  label that applies to the container.
                                                type: string
                                              type:
                                                description: Type is a SELinux type
                                                  label that applies to the container.
                                                type: string
                                              user:
                                                description: User is a SELinux user
                                                  label that applies to the container.
                                                type: string
                                            type: object
                                          seccompProfile:
                                            description: The seccomp options to use
                                              by this container. If seccomp options
                                              are provided at both the pod & container
                                              level, the container options override
                                              the pod options. Note that this field
                                              cannot be set when spec.os.name is windows.
                                            properties:
                                              localhostProfile:
                                                description: localhostProfile indicates
                                                  a profile defined in a file on the
                                                  node should be used. The profile
                                                  must be preconfigured on the node
                                                  to work. Must be a descending path,
                                                  relative to the kubelet's configured
                                                  seccomp profile location. Must only
                                                  be set if type is "Localhost".
                                                type: string
                                              type:
                                                description: "type indicates which
                                                  kind of seccomp profile will be
                                                  applied. Valid options are: \n Localhost
                                                  - a profile defined in a file on
                                                  the node should be used. RuntimeDefault
                                                  - the container runtime default
                                                  profile should be used. Unconfined
                                                  - no profile should be applied."
                                                type: string
                                            required:
                                            - type
                                            type: object
                                          windowsOptions:
                                            description: The Windows specific settings
                                              applied to all containers. If unspecified,
                                              the options from the PodSecurityContext
                                              will be used. If set in both SecurityContext
                                              and PodSecurityContext, the value specified
                                              in SecurityContext takes precedence.
                                              Note that this field cannot be set when
                                              spec.os.name is linux.
                                            properties:
                                              gmsaCredentialSpec:
                                                description: GMSACredentialSpec is
                                                  where the GMSA admission webhook
                                                  (https://github.com/kubernetes-sigs/windows-gmsa)
                                                  inlines the contents of the GMSA
                                                  credential spec named by the GMSACredentialSpecName
                                                  field.
                                                type: string
                                              gmsaCredentialSpecName:
                                                description: GMSACredentialSpecName
                                                  is the name of the GMSA credential
                                                  spec to use.
                                                type: string
                                              hostProcess:
                                                description: HostProcess determines
                                                  if a container should be run as
                                                  a 'Host Process' container. This
                                                  field is alpha-level and will only
                                                  be honored by components that enable
                                                  the WindowsHostProcessContainers
                                                  feature flag. Setting this field
                                                  without the feature flag will result
                                                  in errors when validating the Pod.
                                                  All of a Pod's containers must have
                                                  the same effective HostProcess value
                                                  (it is not allowed to have a mix
                                                  of HostProcess containers and non-HostProcess
                                                  containers).  In addition, if HostProcess
                                                  is true then HostNetwork must also
                                                  be set to true.
                                                type: boolean
                                              runAsUserName:
                                                description: The UserName in Windows
                                                  to run the entrypoint of the container
                                                  process. Defaults to the user specified
                                                  in image metadata if unspecified.
                                                  May also be set in PodSecurityContext.
                                                  If set in both SecurityContext and
                                                  PodSecurityContext, the value specified
                                                  in SecurityContext takes precedence.
                                                type: string
                                            type: object
                                        type: object
                                      startupProbe:
                                        description: 'StartupProbe indicates that
                                          the Pod has successfully initialized. If
                                          specified, no other probes are executed
                                          until this completes successfully. If this
                                          probe fails, the Pod will be restarted,
                                          just as if the livenessProbe failed. This
                                          can be used to provide different probe parameters
                                          at the beginning of a Pod''s lifecycle,
                                          when it might take a long time to load data
                                          or warm a cache, than during steady-state
                                          operation. This cannot be updated. More
                                          info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
                                        properties:
                                          exec:
                                            description: Exec specifies the action
                                              to take.
                                            properties:
                                              command:
                                                description: Command is the command
                                                  line to execute inside the container,
                                                  the working directory for the command  is
                                                  root ('/') in the container's filesystem.
                                                  The command is simply exec'd, it
                                                  is not run inside a shell, so traditional
                                                  shell instructions ('|', etc) won't
                                                  work. To use a shell, you need to
                                                  explicitly call out to that shell.
                                                  Exit status of 0 is treated as live/healthy
                                                  and non-zero is unhealthy.
                                                items:
                                                  type: string
                                                type: array
                                            type: object
                                          failureThreshold:
                                            description: Minimum consecutive failures
                                              for the probe to be considered failed
                                              after having succeeded. Defaults to
                                              3. Minimum value is 1.
                                            format: int32
                                            type: integer
                                          grpc:
                                            description: GRPC specifies an action
                                              involving a GRPC port. This is a beta
                                              field and requires enabling GRPCContainerProbe
                                              feature gate.
                                            properties:
                                              port:
                                                description: Port number of the gRPC
                                                  service. Number must be in the range
                                                  1 to 65535.
                                                format: int32
                                                type: integer
                                              service:
                                                description: "Service is the name
                                                  of the service to place in the gRPC
                                                  HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
                                                  \n If this is not specified, the
                                                  default behavior is defined by gRPC."
                                                type: string
                                            required:
                                            - port
                                            type: object
                                          httpGet:
                                            description: HTTPGet specifies the http
                                              request to perform.
                                            properties:
                                              host:
                                                description: Host name to connect
                                                  to, defaults to the pod IP. You
                                                  probably want to set "Host" in httpHeaders
                                                  instead.
                                                type: string
                                              httpHeaders:
                                                description: Custom headers to set
                                                  in the request. HTTP allows repeated
                                                  headers.
                                                items:
                                                  description: HTTPHeader describes
                                                    a custom header to be used in
                                                    HTTP probes
                                                  properties:
                                                    name:
                                                      description: The header field
                                                        name
                                                      type: string
                                                    value:
                                                      description: The header field
                                                        value
                                                      type: string
                                                  required:
                                                  - name
                                                  - value
                                                  type: object
                                                type: array
                                              path:
                                                description: Path to access on the
                                                  HTTP server.
                                                type: string
                                              port:
                                                anyOf:
                                                - type: integer
                                                - type: string
                                                description: Name or number of the
                                                  port to access on the container.
                                                  Number must be in the range 1 to
                                                  65535. Name must be an IANA_SVC_NAME.
                                                x-kubernetes-int-or-string: true
                                              scheme:
                                                description: Scheme to use for connecting
                                                  to the host. Defaults to HTTP.
                                                type: string
                                            required:
                                            - port
                                            type: object
                                          initialDelaySeconds:
                                            description: 'Number of seconds after
                                              the container has started before liveness
                                              probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
                                            format: int32
                                            type: integer
                                          periodSeconds:
                                            description: How often (in seconds) to
                                              perform the probe. Default to 10 seconds.
                                              Minimum value is 1.
                                            format: int32
                                            type: integer
                                          successThreshold:
                                            description: Minimum consecutive successes
                                              for the probe to be considered successful
                                              after having failed. Defaults to 1.
                                              Must be 1 for liveness and startup.
                                              Minimum value is 1.
                                            format: int32
                                            type: integer
                                          tcpSocket:
                                            description: TCPSocket specifies an action
                                              involving a TCP port.
                                            properties:
                                              host:
                                                description: 'Optional: Host name
                                                  to connect to, defaults to the pod
                                                  IP.'
                                                type: string
                                              port:
                                                anyOf:
                                                - type: integer
                                                - type: string
                                                description: Number or name of the
                                                  port to access on the container.
                                                  Number must be in the range 1 to
                                                  65535. Name must be an IANA_SVC_NAME.
                                                x-kubernetes-int-or-string: true
                                            required:
                                            - port
                                            type: object
                                          terminationGracePeriodSeconds:
                                            description: Optional duration in seconds
                                              the pod needs to terminate gracefully
                                              upon probe failure. The grace period
                                              is the duration in seconds after the
                                              processes running in the pod are sent
                                              a termination signal and the time when
                                              the processes are forcibly halted with
                                              a kill signal. Set this value longer
                                              than the expected cleanup time for your
                                              process. If this value is nil, the pod's
                                              terminationGracePeriodSeconds will be
                                              used. Otherwise, this value overrides
                                              the value provided by the pod spec.
                                              Value must be non-negative integer.
                                              The value zero indicates stop immediately
                                              via the kill signal (no opportunity
                                              to shut down). This is a beta field
                                              and requires enabling ProbeTerminationGracePeriod
                                              feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds
                                              is used if unset.
                                            format: int64
                                            type: integer
                                          timeoutSeconds:
                                            description: 'Number of seconds after
                                              which the probe times out. Defaults
                                              to 1 second. Minimum value is 1. More
                                              info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
                                            format: int32
                                            type: integer
                                        type: object
                                      stdin:
                                        description: Whether this container should
                                          allocate a buffer for stdin in the container
                                          runtime. If this is not set, reads from
                                          stdin in the container will always result
                                          in EOF. Default is false.
                                        type: boolean
                                      stdinOnce:
                                        description: Whether the container runtime
                                          should close the stdin channel after it
                                          has been opened by a single attach. When
                                          stdin is true the stdin stream will remain
                                          open across multiple attach sessions. If
                                          stdinOnce is set to true, stdin is opened
                                          on container start, is empty until the first
                                          client attaches to stdin, and then remains
                                          open and accepts data until the client disconnects,
                                          at which time stdin is closed and remains
                                          closed until the container is restarted.
                                          If this flag is false, a container processes
                                          that reads from stdin will never receive
                                          an EOF. Default is false
                                        type: boolean
                                      terminationMessagePath:
                                        description: 'Optional: Path at which the
                                          file to which the container''s termination
                                          message will be written is mounted into
                                          the container''s filesystem. Message written
                                          is intended to be brief final status, such
                                          as an assertion failure message. Will be
                                          truncated by the node if greater than 4096
                                          bytes. The total message length across all
                                          containers will be limited to 12kb. Defaults
                                          to /dev/termination-log. Cannot be updated.'
                                        type: string
                                      terminationMessagePolicy:
                                        description: Indicate how the termination
                                          message should be populated. File will use
                                          the contents of terminationMessagePath to
                                          populate the container status message on
                                          both success and failure. FallbackToLogsOnError
                                          will use the last chunk of container log
                                          output if the termination message file is
                                          empty and the container exited with an error.
                                          The log output is limited to 2048 bytes
                                          or 80 lines, whichever is smaller. Defaults
                                          to File. Cannot be updated.
                                        type: string
                                      tty:
                                        description: Whether this container should
                                          allocate a TTY for itself, also requires
                                          'stdin' to be true. Default is false.
                                        type: boolean
                                      volumeDevices:
                                        description: volumeDevices is the list of
                                          block devices to be used by the container.
                                        items:
                                          description: volumeDevice describes a mapping
                                            of a raw block device within a container.
                                          properties:
                                            devicePath:
                                              description: devicePath is the path
                                                inside of the container that the device
                                                will be mapped to.
                                              type: string
                                            name:
                                              description: name must match the name
                                                of a persistentVolumeClaim in the
                                                pod
                                              type: string
                                          required:
                                          - devicePath
                                          - name
                                          type: object
                                        type: array
                                        x-kubernetes-list-type: atomic
                                      volumeMounts:
                                        description: Pod volumes to mount into the
                                          container's filesystem. Cannot be updated.
                                        items:
                                          description: VolumeMount describes a mounting
                                            of a Volume within a container.
                                          properties:
                                            mountPath:
                                              description: Path within the container
                                                at which the volume should be mounted.  Must
                                                not contain ':'.
                                              type: string
                                            mountPropagation:
                                              description: mountPropagation determines
                                                how mounts are propagated from the
                                                host to container and the other way
                                                around. When not set, MountPropagationNone
                                                is used. This field is beta in 1.10.
                                              type: string
                                            name:
                                              description: This must match the Name
                                                of a Volume.
                                              type: string
                                            readOnly:
                                              description: Mounted read-only if true,
                                                read-write otherwise (false or unspecified).
                                                Defaults to false.
                                              type: boolean
                                            subPath:
                                              description: Path within the volume
                                                from which the container's volume
                                                should be mounted. Defaults to ""
                                                (volume's root).
                                              type: string
                                            subPathExpr:
                                              description: Expanded path within the
                                                volume from which the container's
                                                volume should be mounted. Behaves
                                                similarly to SubPath but environment
                                                variable references $(VAR_NAME) are
                                                expanded using the container's environment.
                                                Defaults to "" (volume's root). SubPathExpr
                                                and SubPath are mutually exclusive.
                                              type: string
                                          required:
                                          - mountPath
                                          - name
                                          type: object
                                        type: array
                                        x-kubernetes-list-type: atomic
                                      workingDir:
                                        description: Container's working directory.
                                          If not specified, the container runtime's
                                          default will be used, which might be configured
                                          in the container image. Cannot be updated.
                                        type: string
                                      workspaces:
                                        description: "This is an alpha field. You
                                          must set the \"enable-api-fields\" feature
                                          flag to \"alpha\" for this field to be supported.
                                          \n Workspaces is a list of workspaces from
                                          the Task that this Sidecar wants exclusive
                                          access to. Adding a workspace to this list
                                          means that any other Step or Sidecar that
                                          does not also request this Workspace will
                                          not have access to it."
                                        items:
                                          description: WorkspaceUsage is used by a
                                            Step or Sidecar to declare that it wants
                                            isolated access to a Workspace defined
                                            in a Task.
                                          properties:
                                            mountPath:
                                              description: MountPath is the path that
                                                the workspace should be mounted to
                                                inside the Step or Sidecar, overriding
                                                any MountPath specified in the Task's
                                                WorkspaceDeclaration.
                                              type: string
                                            name:
                                              description: Name is the name of the
                                                workspace this Step or Sidecar wants
                                                access to.
                                              type: string
                                          required:
                                          - mountPath
                                          - name
                                          type: object
                                        type: array
                                        x-kubernetes-list-type: atomic
                                    required:
                                    - name
                                    type: object
                                  type: array
                                  x-kubernetes-list-type: atomic
                                stepTemplate:
                                  description: StepTemplate can be used as the basis
                                    for all step containers within the Task, so that
                                    the steps inherit settings on the base container.
                                  properties:
                                    args:
                                      description: 'Arguments to the entrypoint. The
                                        docker image''s CMD is used if this is not
                                        provided. Variable references $(VAR_NAME)
                                        are expanded using the container''s environment.
                                        If a variable cannot be resolved, the reference
                                        in the input string will be unchanged. Double
                                        $$ are reduced to a single $, which allows
                                        for escaping the $(VAR_NAME) syntax: i.e.
                                        "$$(VAR_NAME)" will produce the string literal
                                        "$(VAR_NAME)". Escaped references will never
                                        be expanded, regardless of whether the variable
                                        exists or not. Cannot be updated. More info:
                                        https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell'
                                      items:
                                        type: string
                                      type: array
                                      x-kubernetes-list-type: atomic
                                    command:
                                      description: 'Entrypoint array. Not executed
                                        within a shell. The docker image''s ENTRYPOINT
                                        is used if this is not provided. Variable
                                        references $(VAR_NAME) are expanded using
                                        the container''s environment. If a variable
                                        cannot be resolved, the reference in the input
                                        string will be unchanged. Double $$ are reduced
                                        to a single $, which allows for escaping the
                                        $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will
                                        produce the string literal "$(VAR_NAME)".
                                        Escaped references will never be expanded,
                                        regardless of whether the variable exists
                                        or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell'
                                      items:
                                        type: string
                                      type: array
                                      x-kubernetes-list-type: atomic
                                    env:
                                      description: List of environment variables to
                                        set in the container. Cannot be updated.
                                      items:
                                        description: EnvVar represents an environment
                                          variable present in a Container.
                                        properties:
                                          name:
                                            description: Name of the environment variable.
                                              Must be a C_IDENTIFIER.
                                            type: string
                                          value:
                                            description: 'Variable references $(VAR_NAME)
                                              are expanded using the previously defined
                                              environment variables in the container
                                              and any service environment variables.
                                              If a variable cannot be resolved, the
                                              reference in the input string will be
                                              unchanged. Double $$ are reduced to
                                              a single $, which allows for escaping
                                              the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)"
                                              will produce the string literal "$(VAR_NAME)".
                                              Escaped references will never be expanded,
                                              regardless of whether the variable exists
                                              or not. Defaults to "".'
                                            type: string
                                          valueFrom:
                                            description: Source for the environment
                                              variable's value. Cannot be used if
                                              value is not empty.
                                            properties:
                                              configMapKeyRef:
                                                description: Selects a key of a ConfigMap.
                                                properties:
                                                  key:
                                                    description: The key to select.
                                                    type: string
                                                  name:
                                                    description: 'Name of the referent.
                                                      More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                                      TODO: Add other useful fields.
                                                      apiVersion, kind, uid?'
                                                    type: string
                                                  optional:
                                                    description: Specify whether the
                                                      ConfigMap or its key must be
                                                      defined
                                                    type: boolean
                                                required:
                                                - key
                                                type: object
                                              fieldRef:
                                                description: 'Selects a field of the
                                                  pod: supports metadata.name, metadata.namespace,
                                                  `metadata.labels[''<KEY>'']`, `metadata.annotations[''<KEY>'']`,
                                                  spec.nodeName, spec.serviceAccountName,
                                                  status.hostIP, status.podIP, status.podIPs.'
                                                properties:
                                                  apiVersion:
                                                    description: Version of the schema
                                                      the FieldPath is written in
                                                      terms of, defaults to "v1".
                                                    type: string
                                                  fieldPath:
                                                    description: Path of the field
                                                      to select in the specified API
                                                      version.
                                                    type: string
                                                required:
                                                - fieldPath
                                                type: object
                                              resourceFieldRef:
                                                description: 'Selects a resource of
                                                  the container: only resources limits
                                                  and requests (limits.cpu, limits.memory,
                                                  limits.ephemeral-storage, requests.cpu,
                                                  requests.memory and requests.ephemeral-storage)
                                                  are currently supported.'
                                                properties:
                                                  containerName:
                                                    description: 'Container name:
                                                      required for volumes, optional
                                                      for env vars'
                                                    type: string
                                                  divisor:
                                                    anyOf:
                                                    - type: integer
                                                    - type: string
                                                    description: Specifies the output
                                                      format of the exposed resources,
                                                      defaults to "1"
                                                    pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                                                    x-kubernetes-int-or-string: true
                                                  resource:
                                                    description: 'Required: resource
                                                      to select'
                                                    type: string
                                                required:
                                                - resource
                                                type: object
                                              secretKeyRef:
                                                description: Selects a key of a secret
                                                  in the pod's namespace
                                                properties:
                                                  key:
                                                    description: The key of the secret
                                                      to select from.  Must be a valid
                                                      secret key.
                                                    type: string
                                                  name:
                                                    description: 'Name of the referent.
                                                      More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                                      TODO: Add other useful fields.
                                                      apiVersion, kind, uid?'
                                                    type: string
                                                  optional:
                                                    description: Specify whether the
                                                      Secret or its key must be defined
                                                    type: boolean
                                                required:
                                                - key
                                                type: object
                                            type: object
                                        required:
                                        - name
                                        type: object
                                      type: array
                                      x-kubernetes-list-type: atomic
                                    envFrom:
                                      description: List of sources to populate environment
                                        variables in the container. The keys defined
                                        within a source must be a C_IDENTIFIER. All
                                        invalid keys will be reported as an event
                                        when the container is starting. When a key
                                        exists in multiple sources, the value associated
                                        with the last source will take precedence.
                                        Values defined by an Env with a duplicate
                                        key will take precedence. Cannot be updated.
                                      items:
                                        description: EnvFromSource represents the
                                          source of a set of ConfigMaps
                                        properties:
                                          configMapRef:
                                            description: The ConfigMap to select from
                                            properties:
                                              name:
                                                description: 'Name of the referent.
                                                  More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                                  TODO: Add other useful fields. apiVersion,
                                                  kind, uid?'
                                                type: string
                                              optional:
                                                description: Specify whether the ConfigMap
                                                  must be defined
                                                type: boolean
                                            type: object
                                          prefix:
                                            description: An optional identifier to
                                              prepend to each key in the ConfigMap.
                                              Must be a C_IDENTIFIER.
                                            type: string
                                          secretRef:
                                            description: The Secret to select from
                                            properties:
                                              name:
                                                description: 'Name of the referent.
                                                  More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                                  TODO: Add other useful fields. apiVersion,
                                                  kind, uid?'
                                                type: string
                                              optional:
                                                description: Specify whether the Secret
                                                  must be defined
                                                type: boolean
                                            type: object
                                        type: object
                                      type: array
                                      x-kubernetes-list-type: atomic
                                    image:
                                      description: 'Docker image name. More info:
                                        https://kubernetes.io/docs/concepts/containers/images
                                        This field is optional to allow higher level
                                        config management to default or override container
                                        images in workload controllers like Deployments
                                        and StatefulSets.'
                                      type: string
                                    imagePullPolicy:
                                      description: 'Image pull policy. One of Always,
                                        Never, IfNotPresent. Defaults to Always if
                                        :latest tag is specified, or IfNotPresent
                                        otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images'
                                      type: string
                                    lifecycle:
                                      description: Deprecated. This field will be
                                        removed in a future release. Actions that
                                        the management system should take in response
                                        to container lifecycle events. Cannot be updated.
                                      properties:
                                        postStart:
                                          description: 'PostStart is called immediately
                                            after a container is created. If the handler
                                            fails, the container is terminated and
                                            restarted according to its restart policy.
                                            Other management of the container blocks
                                            until the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks'
                                          properties:
                                            exec:
                                              description: Exec specifies the action
                                                to take.
                                              properties:
                                                command:
                                                  description: Command is the command
                                                    line to execute inside the container,
                                                    the working directory for the
                                                    command  is root ('/') in the
                                                    container's filesystem. The command
                                                    is simply exec'd, it is not run
                                                    inside a shell, so traditional
                                                    shell instructions ('|', etc)
                                                    won't work. To use a shell, you
                                                    need to explicitly call out to
                                                    that shell. Exit status of 0 is
                                                    treated as live/healthy and non-zero
                                                    is unhealthy.
                                                  items:
                                                    type: string
                                                  type: array
                                              type: object
                                            httpGet:
                                              description: HTTPGet specifies the http
                                                request to perform.
                                              properties:
                                                host:
                                                  description: Host name to connect
                                                    to, defaults to the pod IP. You
                                                    probably want to set "Host" in
                                                    httpHeaders instead.
                                                  type: string
                                                httpHeaders:
                                                  description: Custom headers to set
                                                    in the request. HTTP allows repeated
                                                    headers.
                                                  items:
                                                    description: HTTPHeader describes
                                                      a custom header to be used in
                                                      HTTP probes
                                                    properties:
                                                      name:
                                                        description: The header field
                                                          name
                                                        type: string
                                                      value:
                                                        description: The header field
                                                          value
                                                        type: string
                                                    required:
                                                    - name
                                                    - value
                                                    type: object
                                                  type: array
                                                path:
                                                  description: Path to access on the
                                                    HTTP server.
                                                  type: string
                                                port:
                                                  anyOf:
                                                  - type: integer
                                                  - type: string
                                                  description: Name or number of the
                                                    port to access on the container.
                                                    Number must be in the range 1
                                                    to 65535. Name must be an IANA_SVC_NAME.
                                                  x-kubernetes-int-or-string: true
                                                scheme:
                                                  description: Scheme to use for connecting
                                                    to the host. Defaults to HTTP.
                                                  type: string
                                              required:
                                              - port
                                              type: object
                                            tcpSocket:
                                              description: Deprecated. TCPSocket is
                                                NOT supported as a LifecycleHandler
                                                and kept for the backward compatibility.
                                                There are no validation of this field
                                                and lifecycle hooks will fail in runtime
                                                when tcp handler is specified.
                                              properties:
                                                host:
                                                  description: 'Optional: Host name
                                                    to connect to, defaults to the
                                                    pod IP.'
                                                  type: string
                                                port:
                                                  anyOf:
                                                  - type: integer
                                                  - type: string
                                                  description: Number or name of the
                                                    port to access on the container.
                                                    Number must be in the range 1
                                                    to 65535. Name must be an IANA_SVC_NAME.
                                                  x-kubernetes-int-or-string: true
                                              required:
                                              - port
                                              type: object
                                          type: object
                                        preStop:
                                          description: 'PreStop is called immediately
                                            before a container is terminated due to
                                            an API request or management event such
                                            as liveness/startup probe failure, preemption,
                                            resource contention, etc. The handler
                                            is not called if the container crashes
                                            or exits. The Pod''s termination grace
                                            period countdown begins before the PreStop
                                            hook is executed. Regardless of the outcome
                                            of the handler, the container will eventually
                                            terminate within the Pod''s termination
                                            grace period (unless delayed by finalizers).
                                            Other management of the container blocks
                                            until the hook completes or until the
                                            termination grace period is reached. More
                                            info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks'
                                          properties:
                                            exec:
                                              description: Exec specifies the action
                                                to take.
                                              properties:
                                                command:
                                                  description: Command is the command
                                                    line to execute inside the container,
                                                    the working directory for the
                                                    command  is root ('/') in the
                                                    container's filesystem. The command
                                                    is simply exec'd, it is not run
                                                    inside a shell, so traditional
                                                    shell instructions ('|', etc)
                                                    won't work. To use a shell, you
                                                    need to explicitly call out to
                                                    that shell. Exit status of 0 is
                                                    treated as live/healthy and non-zero
                                                    is unhealthy.
                                                  items:
                                                    type: string
                                                  type: array
                                              type: object
                                            httpGet:
                                              description: HTTPGet specifies the http
                                                request to perform.
                                              properties:
                                                host:
                                                  description: Host name to connect
                                                    to, defaults to the pod IP. You
                                                    probably want to set "Host" in
                                                    httpHeaders instead.
                                                  type: string
                                                httpHeaders:
                                                  description: Custom headers to set
                                                    in the request. HTTP allows repeated
                                                    headers.
                                                  items:
                                                    description: HTTPHeader describes
                                                      a custom header to be used in
                                                      HTTP probes
                                                    properties:
                                                      name:
                                                        description: The header field
                                                          name
                                                        type: string
                                                      value:
                                                        description: The header field
                                                          value
                                                        type: string
                                                    required:
                                                    - name
                                                    - value
                                                    type: object
                                                  type: array
                                                path:
                                                  description: Path to access on the
                                                    HTTP server.
                                                  type: string
                                                port:
                                                  anyOf:
                                                  - type: integer
                                                  - type: string
                                                  description: Name or number of the
                                                    port to access on the container.
                                                    Number must be in the range 1
                                                    to 65535. Name must be an IANA_SVC_NAME.
                                                  x-kubernetes-int-or-string: true
                                                scheme:
                                                  description: Scheme to use for connecting
                                                    to the host. Defaults to HTTP.
                                                  type: string
                                              required:
                                              - port
                                              type: object
                                            tcpSocket:
                                              description: Deprecated. TCPSocket is
                                                NOT supported as a LifecycleHandler
                                                and kept for the backward compatibility.
                                                There are no validation of this field
                                                and lifecycle hooks will fail in runtime
                                                when tcp handler is specified.
                                              properties:
                                                host:
                                                  description: 'Optional: Host name
                                                    to connect to, defaults to the
                                                    pod IP.'
                                                  type: string
                                                port:
                                                  anyOf:
                                                  - type: integer
                                                  - type: string
                                                  description: Number or name of the
                                                    port to access on the container.
                                                    Number must be in the range 1
                                                    to 65535. Name must be an IANA_SVC_NAME.
                                                  x-kubernetes-int-or-string: true
                                              required:
                                              - port
                                              type: object
                                          type: object
                                      type: object
                                    livenessProbe:
                                      description: 'Deprecated. This field will be
                                        removed in a future release. Periodic probe
                                        of container liveness. Container will be restarted
                                        if the probe fails. Cannot be updated. More
                                        info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
                                      properties:
                                        exec:
                                          description: Exec specifies the action to
                                            take.
                                          properties:
                                            command:
                                              description: Command is the command
                                                line to execute inside the container,
                                                the working directory for the command  is
                                                root ('/') in the container's filesystem.
                                                The command is simply exec'd, it is
                                                not run inside a shell, so traditional
                                                shell instructions ('|', etc) won't
                                                work. To use a shell, you need to
                                                explicitly call out to that shell.
                                                Exit status of 0 is treated as live/healthy
                                                and non-zero is unhealthy.
                                              items:
                                                type: string
                                              type: array
                                          type: object
                                        failureThreshold:
                                          description: Minimum consecutive failures
                                            for the probe to be considered failed
                                            after having succeeded. Defaults to 3.
                                            Minimum value is 1.
                                          format: int32
                                          type: integer
                                        grpc:
                                          description: GRPC specifies an action involving
                                            a GRPC port. This is a beta field and
                                            requires enabling GRPCContainerProbe feature
                                            gate.
                                          properties:
                                            port:
                                              description: Port number of the gRPC
                                                service. Number must be in the range
                                                1 to 65535.
                                              format: int32
                                              type: integer
                                            service:
                                              description: "Service is the name of
                                                the service to place in the gRPC HealthCheckRequest
                                                (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
                                                \n If this is not specified, the default
                                                behavior is defined by gRPC."
                                              type: string
                                          required:
                                          - port
                                          type: object
                                        httpGet:
                                          description: HTTPGet specifies the http
                                            request to perform.
                                          properties:
                                            host:
                                              description: Host name to connect to,
                                                defaults to the pod IP. You probably
                                                want to set "Host" in httpHeaders
                                                instead.
                                              type: string
                                            httpHeaders:
                                              description: Custom headers to set in
                                                the request. HTTP allows repeated
                                                headers.
                                              items:
                                                description: HTTPHeader describes
                                                  a custom header to be used in HTTP
                                                  probes
                                                properties:
                                                  name:
                                                    description: The header field
                                                      name
                                                    type: string
                                                  value:
                                                    description: The header field
                                                      value
                                                    type: string
                                                required:
                                                - name
                                                - value
                                                type: object
                                              type: array
                                            path:
                                              description: Path to access on the HTTP
                                                server.
                                              type: string
                                            port:
                                              anyOf:
                                              - type: integer
                                              - type: string
                                              description: Name or number of the port
                                                to access on the container. Number
                                                must be in the range 1 to 65535. Name
                                                must be an IANA_SVC_NAME.
                                              x-kubernetes-int-or-string: true
                                            scheme:
                                              description: Scheme to use for connecting
                                                to the host. Defaults to HTTP.
                                              type: string
                                          required:
                                          - port
                                          type: object
                                        initialDelaySeconds:
                                          description: 'Number of seconds after the
                                            container has started before liveness
                                            probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
                                          format: int32
                                          type: integer
                                        periodSeconds:
                                          description: How often (in seconds) to perform
                                            the probe. Default to 10 seconds. Minimum
                                            value is 1.
                                          format: int32
                                          type: integer
                                        successThreshold:
                                          description: Minimum consecutive successes
                                            for the probe to be considered successful
                                            after having failed. Defaults to 1. Must
                                            be 1 for liveness and startup. Minimum
                                            value is 1.
                                          format: int32
                                          type: integer
                                        tcpSocket:
                                          description: TCPSocket specifies an action
                                            involving a TCP port.
                                          properties:
                                            host:
                                              description: 'Optional: Host name to
                                                connect to, defaults to the pod IP.'
                                              type: string
                                            port:
                                              anyOf:
                                              - type: integer
                                              - type: string
                                              description: Number or name of the port
                                                to access on the container. Number
                                                must be in the range 1 to 65535. Name
                                                must be an IANA_SVC_NAME.
                                              x-kubernetes-int-or-string: true
                                          required:
                                          - port
                                          type: object
                                        terminationGracePeriodSeconds:
                                          description: Optional duration in seconds
                                            the pod needs to terminate gracefully
                                            upon probe failure. The grace period is
                                            the duration in seconds after the processes
                                            running in the pod are sent a termination
                                            signal and the time when the processes
                                            are forcibly halted with a kill signal.
                                            Set this value longer than the expected
                                            cleanup time for your process. If this
                                            value is nil, the pod's terminationGracePeriodSeconds
                                            will be used. Otherwise, this value overrides
                                            the value provided by the pod spec. Value
                                            must be non-negative integer. The value
                                            zero indicates stop immediately via the
                                            kill signal (no opportunity to shut down).
                                            This is a beta field and requires enabling
                                            ProbeTerminationGracePeriod feature gate.
                                            Minimum value is 1. spec.terminationGracePeriodSeconds
                                            is used if unset.
                                          format: int64
                                          type: integer
                                        timeoutSeconds:
                                          description: 'Number of seconds after which
                                            the probe times out. Defaults to 1 second.
                                            Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
                                          format: int32
                                          type: integer
                                      type: object
                                    name:
                                      description: Deprecated. This field will be
                                        removed in a future release. DeprecatedName
                                        of the container specified as a DNS_LABEL.
                                        Each container in a pod must have a unique
                                        name (DNS_LABEL). Cannot be updated.
                                      type: string
                                    ports:
                                      description: Deprecated. This field will be
                                        removed in a future release. List of ports
                                        to expose from the container. Exposing a port
                                        here gives the system additional information
                                        about the network connections a container
                                        uses, but is primarily informational. Not
                                        specifying a port here DOES NOT prevent that
                                        port from being exposed. Any port which is
                                        listening on the default "0.0.0.0" address
                                        inside a container will be accessible from
                                        the network. Cannot be updated.
                                      items:
                                        description: ContainerPort represents a network
                                          port in a single container.
                                        properties:
                                          containerPort:
                                            description: Number of port to expose
                                              on the pod's IP address. This must be
                                              a valid port number, 0 < x < 65536.
                                            format: int32
                                            type: integer
                                          hostIP:
                                            description: What host IP to bind the
                                              external port to.
                                            type: string
                                          hostPort:
                                            description: Number of port to expose
                                              on the host. If specified, this must
                                              be a valid port number, 0 < x < 65536.
                                              If HostNetwork is specified, this must
                                              match ContainerPort. Most containers
                                              do not need this.
                                            format: int32
                                            type: integer
                                          name:
                                            description: If specified, this must be
                                              an IANA_SVC_NAME and unique within the
                                              pod. Each named port in a pod must have
                                              a unique name. Name for the port that
                                              can be referred to by services.
                                            type: string
                                          protocol:
                                            default: TCP
                                            description: Protocol for port. Must be
                                              UDP, TCP, or SCTP. Defaults to "TCP".
                                            type: string
                                        required:
                                        - containerPort
                                        type: object
                                      type: array
                                      x-kubernetes-list-map-keys:
                                      - containerPort
                                      - protocol
                                      x-kubernetes-list-type: map
                                    readinessProbe:
                                      description: 'Deprecated. This field will be
                                        removed in a future release. Periodic probe
                                        of container service readiness. Container
                                        will be removed from service endpoints if
                                        the probe fails. Cannot be updated. More info:
                                        https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
                                      properties:
                                        exec:
                                          description: Exec specifies the action to
                                            take.
                                          properties:
                                            command:
                                              description: Command is the command
                                                line to execute inside the container,
                                                the working directory for the command  is
                                                root ('/') in the container's filesystem.
                                                The command is simply exec'd, it is
                                                not run inside a shell, so traditional
                                                shell instructions ('|', etc) won't
                                                work. To use a shell, you need to
                                                explicitly call out to that shell.
                                                Exit status of 0 is treated as live/healthy
                                                and non-zero is unhealthy.
                                              items:
                                                type: string
                                              type: array
                                          type: object
                                        failureThreshold:
                                          description: Minimum consecutive failures
                                            for the probe to be considered failed
                                            after having succeeded. Defaults to 3.
                                            Minimum value is 1.
                                          format: int32
                                          type: integer
                                        grpc:
                                          description: GRPC specifies an action involving
                                            a GRPC port. This is a beta field and
                                            requires enabling GRPCContainerProbe feature
                                            gate.
                                          properties:
                                            port:
                                              description: Port number of the gRPC
                                                service. Number must be in the range
                                                1 to 65535.
                                              format: int32
                                              type: integer
                                            service:
                                              description: "Service is the name of
                                                the service to place in the gRPC HealthCheckRequest
                                                (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
                                                \n If this is not specified, the default
                                                behavior is defined by gRPC."
                                              type: string
                                          required:
                                          - port
                                          type: object
                                        httpGet:
                                          description: HTTPGet specifies the http
                                            request to perform.
                                          properties:
                                            host:
                                              description: Host name to connect to,
                                                defaults to the pod IP. You probably
                                                want to set "Host" in httpHeaders
                                                instead.
                                              type: string
                                            httpHeaders:
                                              description: Custom headers to set in
                                                the request. HTTP allows repeated
                                                headers.
                                              items:
                                                description: HTTPHeader describes
                                                  a custom header to be used in HTTP
                                                  probes
                                                properties:
                                                  name:
                                                    description: The header field
                                                      name
                                                    type: string
                                                  value:
                                                    description: The header field
                                                      value
                                                    type: string
                                                required:
                                                - name
                                                - value
                                                type: object
                                              type: array
                                            path:
                                              description: Path to access on the HTTP
                                                server.
                                              type: string
                                            port:
                                              anyOf:
                                              - type: integer
                                              - type: string
                                              description: Name or number of the port
                                                to access on the container. Number
                                                must be in the range 1 to 65535. Name
                                                must be an IANA_SVC_NAME.
                                              x-kubernetes-int-or-string: true
                                            scheme:
                                              description: Scheme to use for connecting
                                                to the host. Defaults to HTTP.
                                              type: string
                                          required:
                                          - port
                                          type: object
                                        initialDelaySeconds:
                                          description: 'Number of seconds after the
                                            container has started before liveness
                                            probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
                                          format: int32
                                          type: integer
                                        periodSeconds:
                                          description: How often (in seconds) to perform
                                            the probe. Default to 10 seconds. Minimum
                                            value is 1.
                                          format: int32
                                          type: integer
                                        successThreshold:
                                          description: Minimum consecutive successes
                                            for the probe to be considered successful
                                            after having failed. Defaults to 1. Must
                                            be 1 for liveness and startup. Minimum
                                            value is 1.
                                          format: int32
                                          type: integer
                                        tcpSocket:
                                          description: TCPSocket specifies an action
                                            involving a TCP port.
                                          properties:
                                            host:
                                              description: 'Optional: Host name to
                                                connect to, defaults to the pod IP.'
                                              type: string
                                            port:
                                              anyOf:
                                              - type: integer
                                              - type: string
                                              description: Number or name of the port
                                                to access on the container. Number
                                                must be in the range 1 to 65535. Name
                                                must be an IANA_SVC_NAME.
                                              x-kubernetes-int-or-string: true
                                          required:
                                          - port
                                          type: object
                                        terminationGracePeriodSeconds:
                                          description: Optional duration in seconds
                                            the pod needs to terminate gracefully
                                            upon probe failure. The grace period is
                                            the duration in seconds after the processes
                                            running in the pod are sent a termination
                                            signal and the time when the processes
                                            are forcibly halted with a kill signal.
                                            Set this value longer than the expected
                                            cleanup time for your process. If this
                                            value is nil, the pod's terminationGracePeriodSeconds
                                            will be used. Otherwise, this value overrides
                                            the value provided by the pod spec. Value
                                            must be non-negative integer. The value
                                            zero indicates stop immediately via the
                                            kill signal (no opportunity to shut down).
                                            This is a beta field and requires enabling
                                            ProbeTerminationGracePeriod feature gate.
                                            Minimum value is 1. spec.terminationGracePeriodSeconds
                                            is used if unset.
                                          format: int64
                                          type: integer
                                        timeoutSeconds:
                                          description: 'Number of seconds after which
                                            the probe times out. Defaults to 1 second.
                                            Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
                                          format: int32
                                          type: integer
                                      type: object
                                    resources:
                                      description: 'Compute Resources required by
                                        this container. Cannot be updated. More info:
                                        https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
                                      properties:
                                        limits:
                                          additionalProperties:
                                            anyOf:
                                            - type: integer
                                            - type: string
                                            pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                                            x-kubernetes-int-or-string: true
                                          description: 'Limits describes the maximum
                                            amount of compute resources allowed. More
                                            info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
                                          type: object
                                        requests:
                                          additionalProperties:
                                            anyOf:
                                            - type: integer
                                            - type: string
                                            pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                                            x-kubernetes-int-or-string: true
                                          description: 'Requests describes the minimum
                                            amount of compute resources required.
                                            If Requests is omitted for a container,
                                            it defaults to Limits if that is explicitly
                                            specified, otherwise to an implementation-defined
                                            value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
                                          type: object
                                      type: object
                                    securityContext:
                                      description: 'SecurityContext defines the security
                                        options the container should be run with.
                                        If set, the fields of SecurityContext override
                                        the equivalent fields of PodSecurityContext.
                                        More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/'
                                      properties:
                                        allowPrivilegeEscalation:
                                          description: 'AllowPrivilegeEscalation controls
                                            whether a process can gain more privileges
                                            than its parent process. This bool directly
                                            controls if the no_new_privs flag will
                                            be set on the container process. AllowPrivilegeEscalation
                                            is true always when the container is:
                                            1) run as Privileged 2) has CAP_SYS_ADMIN
                                            Note that this field cannot be set when
                                            spec.os.name is windows.'
                                          type: boolean
                                        capabilities:
                                          description: The capabilities to add/drop
                                            when running containers. Defaults to the
                                            default set of capabilities granted by
                                            the container runtime. Note that this
                                            field cannot be set when spec.os.name
                                            is windows.
                                          properties:
                                            add:
                                              description: Added capabilities
                                              items:
                                                description: Capability represent
                                                  POSIX capabilities type
                                                type: string
                                              type: array
                                            drop:
                                              description: Removed capabilities
                                              items:
                                                description: Capability represent
                                                  POSIX capabilities type
                                                type: string
                                              type: array
                                          type: object
                                        privileged:
                                          description: Run container in privileged
                                            mode. Processes in privileged containers
                                            are essentially equivalent to root on
                                            the host. Defaults to false. Note that
                                            this field cannot be set when spec.os.name
                                            is windows.
                                          type: boolean
                                        procMount:
                                          description: procMount denotes the type
                                            of proc mount to use for the containers.
                                            The default is DefaultProcMount which
                                            uses the container runtime defaults for
                                            readonly paths and masked paths. This
                                            requires the ProcMountType feature flag
                                            to be enabled. Note that this field cannot
                                            be set when spec.os.name is windows.
                                          type: string
                                        readOnlyRootFilesystem:
                                          description: Whether this container has
                                            a read-only root filesystem. Default is
                                            false. Note that this field cannot be
                                            set when spec.os.name is windows.
                                          type: boolean
                                        runAsGroup:
                                          description: The GID to run the entrypoint
                                            of the container process. Uses runtime
                                            default if unset. May also be set in PodSecurityContext.  If
                                            set in both SecurityContext and PodSecurityContext,
                                            the value specified in SecurityContext
                                            takes precedence. Note that this field
                                            cannot be set when spec.os.name is windows.
                                          format: int64
                                          type: integer
                                        runAsNonRoot:
                                          description: Indicates that the container
                                            must run as a non-root user. If true,
                                            the Kubelet will validate the image at
                                            runtime to ensure that it does not run
                                            as UID 0 (root) and fail to start the
                                            container if it does. If unset or false,
                                            no such validation will be performed.
                                            May also be set in PodSecurityContext.  If
                                            set in both SecurityContext and PodSecurityContext,
                                            the value specified in SecurityContext
                                            takes precedence.
                                          type: boolean
                                        runAsUser:
                                          description: The UID to run the entrypoint
                                            of the container process. Defaults to
                                            user specified in image metadata if unspecified.
                                            May also be set in PodSecurityContext.  If
                                            set in both SecurityContext and PodSecurityContext,
                                            the value specified in SecurityContext
                                            takes precedence. Note that this field
                                            cannot be set when spec.os.name is windows.
                                          format: int64
                                          type: integer
                                        seLinuxOptions:
                                          description: The SELinux context to be applied
                                            to the container. If unspecified, the
                                            container runtime will allocate a random
                                            SELinux context for each container.  May
                                            also be set in PodSecurityContext.  If
                                            set in both SecurityContext and PodSecurityContext,
                                            the value specified in SecurityContext
                                            takes precedence. Note that this field
                                            cannot be set when spec.os.name is windows.
                                          properties:
                                            level:
                                              description: Level is SELinux level
                                                label that applies to the container.
                                              type: string
                                            role:
                                              description: Role is a SELinux role
                                                label that applies to the container.
                                              type: string
                                            type:
                                              description: Type is a SELinux type
                                                label that applies to the container.
                                              type: string
                                            user:
                                              description: User is a SELinux user
                                                label that applies to the container.
                                              type: string
                                          type: object
                                        seccompProfile:
                                          description: The seccomp options to use
                                            by this container. If seccomp options
                                            are provided at both the pod & container
                                            level, the container options override
                                            the pod options. Note that this field
                                            cannot be set when spec.os.name is windows.
                                          properties:
                                            localhostProfile:
                                              description: localhostProfile indicates
                                                a profile defined in a file on the
                                                node should be used. The profile must
                                                be preconfigured on the node to work.
                                                Must be a descending path, relative
                                                to the kubelet's configured seccomp
                                                profile location. Must only be set
                                                if type is "Localhost".
                                              type: string
                                            type:
                                              description: "type indicates which kind
                                                of seccomp profile will be applied.
                                                Valid options are: \n Localhost -
                                                a profile defined in a file on the
                                                node should be used. RuntimeDefault
                                                - the container runtime default profile
                                                should be used. Unconfined - no profile
                                                should be applied."
                                              type: string
                                          required:
                                          - type
                                          type: object
                                        windowsOptions:
                                          description: The Windows specific settings
                                            applied to all containers. If unspecified,
                                            the options from the PodSecurityContext
                                            will be used. If set in both SecurityContext
                                            and PodSecurityContext, the value specified
                                            in SecurityContext takes precedence. Note
                                            that this field cannot be set when spec.os.name
                                            is linux.
                                          properties:
                                            gmsaCredentialSpec:
                                              description: GMSACredentialSpec is where
                                                the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa)
                                                inlines the contents of the GMSA credential
                                                spec named by the GMSACredentialSpecName
                                                field.
                                              type: string
                                            gmsaCredentialSpecName:
                                              description: GMSACredentialSpecName
                                                is the name of the GMSA credential
                                                spec to use.
                                              type: string
                                            hostProcess:
                                              description: HostProcess determines
                                                if a container should be run as a
                                                'Host Process' container. This field
                                                is alpha-level and will only be honored
                                                by components that enable the WindowsHostProcessContainers
                                                feature flag. Setting this field without
                                                the feature flag will result in errors
                                                when validating the Pod. All of a
                                                Pod's containers must have the same
                                                effective HostProcess value (it is
                                                not allowed to have a mix of HostProcess
                                                containers and non-HostProcess containers).  In
                                                addition, if HostProcess is true then
                                                HostNetwork must also be set to true.
                                              type: boolean
                                            runAsUserName:
                                              description: The UserName in Windows
                                                to run the entrypoint of the container
                                                process. Defaults to the user specified
                                                in image metadata if unspecified.
                                                May also be set in PodSecurityContext.
                                                If set in both SecurityContext and
                                                PodSecurityContext, the value specified
                                                in SecurityContext takes precedence.
                                              type: string
                                          type: object
                                      type: object
                                    startupProbe:
                                      description: 'Deprecated. This field will be
                                        removed in a future release. DeprecatedStartupProbe
                                        indicates that the Pod has successfully initialized.
                                        If specified, no other probes are executed
                                        until this completes successfully. If this
                                        probe fails, the Pod will be restarted, just
                                        as if the livenessProbe failed. This can be
                                        used to provide different probe parameters
                                        at the beginning of a Pod''s lifecycle, when
                                        it might take a long time to load data or
                                        warm a cache, than during steady-state operation.
                                        This cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
                                      properties:
                                        exec:
                                          description: Exec specifies the action to
                                            take.
                                          properties:
                                            command:
                                              description: Command is the command
                                                line to execute inside the container,
                                                the working directory for the command  is
                                                root ('/') in the container's filesystem.
                                                The command is simply exec'd, it is
                                                not run inside a shell, so traditional
                                                shell instructions ('|', etc) won't
                                                work. To use a shell, you need to
                                                explicitly call out to that shell.
                                                Exit status of 0 is treated as live/healthy
                                                and non-zero is unhealthy.
                                              items:
                                                type: string
                                              type: array
                                          type: object
                                        failureThreshold:
                                          description: Minimum consecutive failures
                                            for the probe to be considered failed
                                            after having succeeded. Defaults to 3.
                                            Minimum value is 1.
                                          format: int32
                                          type: integer
                                        grpc:
                                          description: GRPC specifies an action involving
                                            a GRPC port. This is a beta field and
                                            requires enabling GRPCContainerProbe feature
                                            gate.
                                          properties:
                                            port:
                                              description: Port number of the gRPC
                                                service. Number must be in the range
                                                1 to 65535.
                                              format: int32
                                              type: integer
                                            service:
                                              description: "Service is the name of
                                                the service to place in the gRPC HealthCheckRequest
                                                (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
                                                \n If this is not specified, the default
                                                behavior is defined by gRPC."
                                              type: string
                                          required:
                                          - port
                                          type: object
                                        httpGet:
                                          description: HTTPGet specifies the http
                                            request to perform.
                                          properties:
                                            host:
                                              description: Host name to connect to,
                                                defaults to the pod IP. You probably
                                                want to set "Host" in httpHeaders
                                                instead.
                                              type: string
                                            httpHeaders:
                                              description: Custom headers to set in
                                                the request. HTTP allows repeated
                                                headers.
                                              items:
                                                description: HTTPHeader describes
                                                  a custom header to be used in HTTP
                                                  probes
                                                properties:
                                                  name:
                                                    description: The header field
                                                      name
                                                    type: string
                                                  value:
                                                    description: The header field
                                                      value
                                                    type: string
                                                required:
                                                - name
                                                - value
                                                type: object
                                              type: array
                                            path:
                                              description: Path to access on the HTTP
                                                server.
                                              type: string
                                            port:
                                              anyOf:
                                              - type: integer
                                              - type: string
                                              description: Name or number of the port
                                                to access on the container. Number
                                                must be in the range 1 to 65535. Name
                                                must be an IANA_SVC_NAME.
                                              x-kubernetes-int-or-string: true
                                            scheme:
                                              description: Scheme to use for connecting
                                                to the host. Defaults to HTTP.
                                              type: string
                                          required:
                                          - port
                                          type: object
                                        initialDelaySeconds:
                                          description: 'Number of seconds after the
                                            container has started before liveness
                                            probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
                                          format: int32
                                          type: integer
                                        periodSeconds:
                                          description: How often (in seconds) to perform
                                            the probe. Default to 10 seconds. Minimum
                                            value is 1.
                                          format: int32
                                          type: integer
                                        successThreshold:
                                          description: Minimum consecutive successes
                                            for the probe to be considered successful
                                            after having failed. Defaults to 1. Must
                                            be 1 for liveness and startup. Minimum
                                            value is 1.
                                          format: int32
                                          type: integer
                                        tcpSocket:
                                          description: TCPSocket specifies an action
                                            involving a TCP port.
                                          properties:
                                            host:
                                              description: 'Optional: Host name to
                                                connect to, defaults to the pod IP.'
                                              type: string
                                            port:
                                              anyOf:
                                              - type: integer
                                              - type: string
                                              description: Number or name of the port
                                                to access on the container. Number
                                                must be in the range 1 to 65535. Name
                                                must be an IANA_SVC_NAME.
                                              x-kubernetes-int-or-string: true
                                          required:
                                          - port
                                          type: object
                                        terminationGracePeriodSeconds:
                                          description: Optional duration in seconds
                                            the pod needs to terminate gracefully
                                            upon probe failure. The grace period is
                                            the duration in seconds after the processes
                                            running in the pod are sent a termination
                                            signal and the time when the processes
                                            are forcibly halted with a kill signal.
                                            Set this value longer than the expected
                                            cleanup time for your process. If this
                                            value is nil, the pod's terminationGracePeriodSeconds
                                            will be used. Otherwise, this value overrides
                                            the value provided by the pod spec. Value
                                            must be non-negative integer. The value
                                            zero indicates stop immediately via the
                                            kill signal (no opportunity to shut down).
                                            This is a beta field and requires enabling
                                            ProbeTerminationGracePeriod feature gate.
                                            Minimum value is 1. spec.terminationGracePeriodSeconds
                                            is used if unset.
                                          format: int64
                                          type: integer
                                        timeoutSeconds:
                                          description: 'Number of seconds after which
                                            the probe times out. Defaults to 1 second.
                                            Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
                                          format: int32
                                          type: integer
                                      type: object
                                    stdin:
                                      description: Deprecated. This field will be
                                        removed in a future release. Whether this
                                        container should allocate a buffer for stdin
                                        in the container runtime. If this is not set,
                                        reads from stdin in the container will always
                                        result in EOF. Default is false.
                                      type: boolean
                                    stdinOnce:
                                      description: Deprecated. This field will be
                                        removed in a future release. Whether the container
                                        runtime should close the stdin channel after
                                        it has been opened by a single attach. When
                                        stdin is true the stdin stream will remain
                                        open across multiple attach sessions. If stdinOnce
                                        is set to true, stdin is opened on container
                                        start, is empty until the first client attaches
                                        to stdin, and then remains open and accepts
                                        data until the client disconnects, at which
                                        time stdin is closed and remains closed until
                                        the container is restarted. If this flag is
                                        false, a container processes that reads from
                                        stdin will never receive an EOF. Default is
                                        false
                                      type: boolean
                                    terminationMessagePath:
                                      description: 'Deprecated. This field will be
                                        removed in a future release. Optional: Path
                                        at which the file to which the container''s
                                        termination message will be written is mounted
                                        into the container''s filesystem. Message
                                        written is intended to be brief final status,
                                        such as an assertion failure message. Will
                                        be truncated by the node if greater than 4096
                                        bytes. The total message length across all
                                        containers will be limited to 12kb. Defaults
                                        to /dev/termination-log. Cannot be updated.'
                                      type: string
                                    terminationMessagePolicy:
                                      description: Deprecated. This field will be
                                        removed in a future release. Indicate how
                                        the termination message should be populated.
                                        File will use the contents of terminationMessagePath
                                        to populate the container status message on
                                        both success and failure. FallbackToLogsOnError
                                        will use the last chunk of container log output
                                        if the termination message file is empty and
                                        the container exited with an error. The log
                                        output is limited to 2048 bytes or 80 lines,
                                        whichever is smaller. Defaults to File. Cannot
                                        be updated.
                                      type: string
                                    tty:
                                      description: Deprecated. This field will be
                                        removed in a future release. Whether this
                                        container should allocate a DeprecatedTTY
                                        for itself, also requires 'stdin' to be true.
                                        Default is false.
                                      type: boolean
                                    volumeDevices:
                                      description: volumeDevices is the list of block
                                        devices to be used by the container.
                                      items:
                                        description: volumeDevice describes a mapping
                                          of a raw block device within a container.
                                        properties:
                                          devicePath:
                                            description: devicePath is the path inside
                                              of the container that the device will
                                              be mapped to.
                                            type: string
                                          name:
                                            description: name must match the name
                                              of a persistentVolumeClaim in the pod
                                            type: string
                                        required:
                                        - devicePath
                                        - name
                                        type: object
                                      type: array
                                      x-kubernetes-list-type: atomic
                                    volumeMounts:
                                      description: Pod volumes to mount into the container's
                                        filesystem. Cannot be updated.
                                      items:
                                        description: VolumeMount describes a mounting
                                          of a Volume within a container.
                                        properties:
                                          mountPath:
                                            description: Path within the container
                                              at which the volume should be mounted.  Must
                                              not contain ':'.
                                            type: string
                                          mountPropagation:
                                            description: mountPropagation determines
                                              how mounts are propagated from the host
                                              to container and the other way around.
                                              When not set, MountPropagationNone is
                                              used. This field is beta in 1.10.
                                            type: string
                                          name:
                                            description: This must match the Name
                                              of a Volume.
                                            type: string
                                          readOnly:
                                            description: Mounted read-only if true,
                                              read-write otherwise (false or unspecified).
                                              Defaults to false.
                                            type: boolean
                                          subPath:
                                            description: Path within the volume from
                                              which the container's volume should
                                              be mounted. Defaults to "" (volume's
                                              root).
                                            type: string
                                          subPathExpr:
                                            description: Expanded path within the
                                              volume from which the container's volume
                                              should be mounted. Behaves similarly
                                              to SubPath but environment variable
                                              references $(VAR_NAME) are expanded
                                              using the container's environment. Defaults
                                              to "" (volume's root). SubPathExpr and
                                              SubPath are mutually exclusive.
                                            type: string
                                        required:
                                        - mountPath
                                        - name
                                        type: object
                                      type: array
                                      x-kubernetes-list-type: atomic
                                    workingDir:
                                      description: Container's working directory.
                                        If not specified, the container runtime's
                                        default will be used, which might be configured
                                        in the container image. Cannot be updated.
                                      type: string
                                  required:
                                  - name
                                  type: object
                                steps:
                                  description: Steps are the steps of the build; each
                                    step is run sequentially with the source mounted
                                    into /workspace.
                                  items:
                                    description: Step runs a subcomponent of a Task
                                    properties:
                                      args:
                                        description: 'Arguments to the entrypoint.
                                          The docker image''s CMD is used if this
                                          is not provided. Variable references $(VAR_NAME)
                                          are expanded using the container''s environment.
                                          If a variable cannot be resolved, the reference
                                          in the input string will be unchanged. Double
                                          $$ are reduced to a single $, which allows
                                          for escaping the $(VAR_NAME) syntax: i.e.
                                          "$$(VAR_NAME)" will produce the string literal
                                          "$(VAR_NAME)". Escaped references will never
                                          be expanded, regardless of whether the variable
                                          exists or not. Cannot be updated. More info:
                                          https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell'
                                        items:
                                          type: string
                                        type: array
                                        x-kubernetes-list-type: atomic
                                      command:
                                        description: 'Entrypoint array. Not executed
                                          within a shell. The docker image''s ENTRYPOINT
                                          is used if this is not provided. Variable
                                          references $(VAR_NAME) are expanded using
                                          the container''s environment. If a variable
                                          cannot be resolved, the reference in the
                                          input string will be unchanged. Double $$
                                          are reduced to a single $, which allows
                                          for escaping the $(VAR_NAME) syntax: i.e.
                                          "$$(VAR_NAME)" will produce the string literal
                                          "$(VAR_NAME)". Escaped references will never
                                          be expanded, regardless of whether the variable
                                          exists or not. Cannot be updated. More info:
                                          https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell'
                                        items:
                                          type: string
                                        type: array
                                        x-kubernetes-list-type: atomic
                                      env:
                                        description: List of environment variables
                                          to set in the container. Cannot be updated.
                                        items:
                                          description: EnvVar represents an environment
                                            variable present in a Container.
                                          properties:
                                            name:
                                              description: Name of the environment
                                                variable. Must be a C_IDENTIFIER.
                                              type: string
                                            value:
                                              description: 'Variable references $(VAR_NAME)
                                                are expanded using the previously
                                                defined environment variables in the
                                                container and any service environment
                                                variables. If a variable cannot be
                                                resolved, the reference in the input
                                                string will be unchanged. Double $$
                                                are reduced to a single $, which allows
                                                for escaping the $(VAR_NAME) syntax:
                                                i.e. "$$(VAR_NAME)" will produce the
                                                string literal "$(VAR_NAME)". Escaped
                                                references will never be expanded,
                                                regardless of whether the variable
                                                exists or not. Defaults to "".'
                                              type: string
                                            valueFrom:
                                              description: Source for the environment
                                                variable's value. Cannot be used if
                                                value is not empty.
                                              properties:
                                                configMapKeyRef:
                                                  description: Selects a key of a
                                                    ConfigMap.
                                                  properties:
                                                    key:
                                                      description: The key to select.
                                                      type: string
                                                    name:
                                                      description: 'Name of the referent.
                                                        More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                                        TODO: Add other useful fields.
                                                        apiVersion, kind, uid?'
                                                      type: string
                                                    optional:
                                                      description: Specify whether
                                                        the ConfigMap or its key must
                                                        be defined
                                                      type: boolean
                                                  required:
                                                  - key
                                                  type: object
                                                fieldRef:
                                                  description: 'Selects a field of
                                                    the pod: supports metadata.name,
                                                    metadata.namespace, `metadata.labels[''<KEY>'']`,
                                                    `metadata.annotations[''<KEY>'']`,
                                                    spec.nodeName, spec.serviceAccountName,
                                                    status.hostIP, status.podIP, status.podIPs.'
                                                  properties:
                                                    apiVersion:
                                                      description: Version of the
                                                        schema the FieldPath is written
                                                        in terms of, defaults to "v1".
                                                      type: string
                                                    fieldPath:
                                                      description: Path of the field
                                                        to select in the specified
                                                        API version.
                                                      type: string
                                                  required:
                                                  - fieldPath
                                                  type: object
                                                resourceFieldRef:
                                                  description: 'Selects a resource
                                                    of the container: only resources
                                                    limits and requests (limits.cpu,
                                                    limits.memory, limits.ephemeral-storage,
                                                    requests.cpu, requests.memory
                                                    and requests.ephemeral-storage)
                                                    are currently supported.'
                                                  properties:
                                                    containerName:
                                                      description: 'Container name:
                                                        required for volumes, optional
                                                        for env vars'
                                                      type: string
                                                    divisor:
                                                      anyOf:
                                                      - type: integer
                                                      - type: string
                                                      description: Specifies the output
                                                        format of the exposed resources,
                                                        defaults to "1"
                                                      pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                                                      x-kubernetes-int-or-string: true
                                                    resource:
                                                      description: 'Required: resource
                                                        to select'
                                                      type: string
                                                  required:
                                                  - resource
                                                  type: object
                                                secretKeyRef:
                                                  description: Selects a key of a
                                                    secret in the pod's namespace
                                                  properties:
                                                    key:
                                                      description: The key of the
                                                        secret to select from.  Must
                                                        be a valid secret key.
                                                      type: string
                                                    name:
                                                      description: 'Name of the referent.
                                                        More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                                        TODO: Add other useful fields.
                                                        apiVersion, kind, uid?'
                                                      type: string
                                                    optional:
                                                      description: Specify whether
                                                        the Secret or its key must
                                                        be defined
                                                      type: boolean
                                                  required:
                                                  - key
                                                  type: object
                                              type: object
                                          required:
                                          - name
                                          type: object
                                        type: array
                                        x-kubernetes-list-type: atomic
                                      envFrom:
                                        description: List of sources to populate environment
                                          variables in the container. The keys defined
                                          within a source must be a C_IDENTIFIER.
                                          All invalid keys will be reported as an
                                          event when the container is starting. When
                                          a key exists in multiple sources, the value
                                          associated with the last source will take
                                          precedence. Values defined by an Env with
                                          a duplicate key will take precedence. Cannot
                                          be updated.
                                        items:
                                          description: EnvFromSource represents the
                                            source of a set of ConfigMaps
                                          properties:
                                            configMapRef:
                                              description: The ConfigMap to select
                                                from
                                              properties:
                                                name:
                                                  description: 'Name of the referent.
                                                    More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                                    TODO: Add other useful fields.
                                                    apiVersion, kind, uid?'
                                                  type: string
                                                optional:
                                                  description: Specify whether the
                                                    ConfigMap must be defined
                                                  type: boolean
                                              type: object
                                            prefix:
                                              description: An optional identifier
                                                to prepend to each key in the ConfigMap.
                                                Must be a C_IDENTIFIER.
                                              type: string
                                            secretRef:
                                              description: The Secret to select from
                                              properties:
                                                name:
                                                  description: 'Name of the referent.
                                                    More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                                    TODO: Add other useful fields.
                                                    apiVersion, kind, uid?'
                                                  type: string
                                                optional:
                                                  description: Specify whether the
                                                    Secret must be defined
                                                  type: boolean
                                              type: object
                                          type: object
                                        type: array
                                        x-kubernetes-list-type: atomic
                                      image:
                                        description: 'Docker image name. More info:
                                          https://kubernetes.io/docs/concepts/containers/images
                                          This field is optional to allow higher level
                                          config management to default or override
                                          container images in workload controllers
                                          like Deployments and StatefulSets.'
                                        type: string
                                      imagePullPolicy:
                                        description: 'Image pull policy. One of Always,
                                          Never, IfNotPresent. Defaults to Always
                                          if :latest tag is specified, or IfNotPresent
                                          otherwise. Cannot be updated. More info:
                                          https://kubernetes.io/docs/concepts/containers/images#updating-images'
                                        type: string
                                      lifecycle:
                                        description: Deprecated. This field will be
                                          removed in a future release. Actions that
                                          the management system should take in response
                                          to container lifecycle events. Cannot be
                                          updated.
                                        properties:
                                          postStart:
                                            description: 'PostStart is called immediately
                                              after a container is created. If the
                                              handler fails, the container is terminated
                                              and restarted according to its restart
                                              policy. Other management of the container
                                              blocks until the hook completes. More
                                              info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks'
                                            properties:
                                              exec:
                                                description: Exec specifies the action
                                                  to take.
                                                properties:
                                                  command:
                                                    description: Command is the command
                                                      line to execute inside the container,
                                                      the working directory for the
                                                      command  is root ('/') in the
                                                      container's filesystem. The
                                                      command is simply exec'd, it
                                                      is not run inside a shell, so
                                                      traditional shell instructions
                                                      ('|', etc) won't work. To use
                                                      a shell, you need to explicitly
                                                      call out to that shell. Exit
                                                      status of 0 is treated as live/healthy
                                                      and non-zero is unhealthy.
                                                    items:
                                                      type: string
                                                    type: array
                                                type: object
                                              httpGet:
                                                description: HTTPGet specifies the
                                                  http request to perform.
                                                properties:
                                                  host:
                                                    description: Host name to connect
                                                      to, defaults to the pod IP.
                                                      You probably want to set "Host"
                                                      in httpHeaders instead.
                                                    type: string
                                                  httpHeaders:
                                                    description: Custom headers to
                                                      set in the request. HTTP allows
                                                      repeated headers.
                                                    items:
                                                      description: HTTPHeader describes
                                                        a custom header to be used
                                                        in HTTP probes
                                                      properties:
                                                        name:
                                                          description: The header
                                                            field name
                                                          type: string
                                                        value:
                                                          description: The header
                                                            field value
                                                          type: string
                                                      required:
                                                      - name
                                                      - value
                                                      type: object
                                                    type: array
                                                  path:
                                                    description: Path to access on
                                                      the HTTP server.
                                                    type: string
                                                  port:
                                                    anyOf:
                                                    - type: integer
                                                    - type: string
                                                    description: Name or number of
                                                      the port to access on the container.
                                                      Number must be in the range
                                                      1 to 65535. Name must be an
                                                      IANA_SVC_NAME.
                                                    x-kubernetes-int-or-string: true
                                                  scheme:
                                                    description: Scheme to use for
                                                      connecting to the host. Defaults
                                                      to HTTP.
                                                    type: string
                                                required:
                                                - port
                                                type: object
                                              tcpSocket:
                                                description: Deprecated. TCPSocket
                                                  is NOT supported as a LifecycleHandler
                                                  and kept for the backward compatibility.
                                                  There are no validation of this
                                                  field and lifecycle hooks will fail
                                                  in runtime when tcp handler is specified.
                                                properties:
                                                  host:
                                                    description: 'Optional: Host name
                                                      to connect to, defaults to the
                                                      pod IP.'
                                                    type: string
                                                  port:
                                                    anyOf:
                                                    - type: integer
                                                    - type: string
                                                    description: Number or name of
                                                      the port to access on the container.
                                                      Number must be in the range
                                                      1 to 65535. Name must be an
                                                      IANA_SVC_NAME.
                                                    x-kubernetes-int-or-string: true
                                                required:
                                                - port
                                                type: object
                                            type: object
                                          preStop:
                                            description: 'PreStop is called immediately
                                              before a container is terminated due
                                              to an API request or management event
                                              such as liveness/startup probe failure,
                                              preemption, resource contention, etc.
                                              The handler is not called if the container
                                              crashes or exits. The Pod''s termination
                                              grace period countdown begins before
                                              the PreStop hook is executed. Regardless
                                              of the outcome of the handler, the container
                                              will eventually terminate within the
                                              Pod''s termination grace period (unless
                                              delayed by finalizers). Other management
                                              of the container blocks until the hook
                                              completes or until the termination grace
                                              period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks'
                                            properties:
                                              exec:
                                                description: Exec specifies the action
                                                  to take.
                                                properties:
                                                  command:
                                                    description: Command is the command
                                                      line to execute inside the container,
                                                      the working directory for the
                                                      command  is root ('/') in the
                                                      container's filesystem. The
                                                      command is simply exec'd, it
                                                      is not run inside a shell, so
                                                      traditional shell instructions
                                                      ('|', etc) won't work. To use
                                                      a shell, you need to explicitly
                                                      call out to that shell. Exit
                                                      status of 0 is treated as live/healthy
                                                      and non-zero is unhealthy.
                                                    items:
                                                      type: string
                                                    type: array
                                                type: object
                                              httpGet:
                                                description: HTTPGet specifies the
                                                  http request to perform.
                                                properties:
                                                  host:
                                                    description: Host name to connect
                                                      to, defaults to the pod IP.
                                                      You probably want to set "Host"
                                                      in httpHeaders instead.
                                                    type: string
                                                  httpHeaders:
                                                    description: Custom headers to
                                                      set in the request. HTTP allows
                                                      repeated headers.
                                                    items:
                                                      description: HTTPHeader describes
                                                        a custom header to be used
                                                        in HTTP probes
                                                      properties:
                                                        name:
                                                          description: The header
                                                            field name
                                                          type: string
                                                        value:
                                                          description: The header
                                                            field value
                                                          type: string
                                                      required:
                                                      - name
                                                      - value
                                                      type: object
                                                    type: array
                                                  path:
                                                    description: Path to access on
                                                      the HTTP server.
                                                    type: string
                                                  port:
                                                    anyOf:
                                                    - type: integer
                                                    - type: string
                                                    description: Name or number of
                                                      the port to access on the container.
                                                      Number must be in the range
                                                      1 to 65535. Name must be an
                                                      IANA_SVC_NAME.
                                                    x-kubernetes-int-or-string: true
                                                  scheme:
                                                    description: Scheme to use for
                                                      connecting to the host. Defaults
                                                      to HTTP.
                                                    type: string
                                                required:
                                                - port
                                                type: object
                                              tcpSocket:
                                                description: Deprecated. TCPSocket
                                                  is NOT supported as a LifecycleHandler
                                                  and kept for the backward compatibility.
                                                  There are no validation of this
                                                  field and lifecycle hooks will fail
                                                  in runtime when tcp handler is specified.
                                                properties:
                                                  host:
                                                    description: 'Optional: Host name
                                                      to connect to, defaults to the
                                                      pod IP.'
                                                    type: string
                                                  port:
                                                    anyOf:
                                                    - type: integer
                                                    - type: string
                                                    description: Number or name of
                                                      the port to access on the container.
                                                      Number must be in the range
                                                      1 to 65535. Name must be an
                                                      IANA_SVC_NAME.
                                                    x-kubernetes-int-or-string: true
                                                required:
                                                - port
                                                type: object
                                            type: object
                                        type: object
                                      livenessProbe:
                                        description: 'Deprecated. This field will
                                          be removed in a future release. Periodic
                                          probe of container liveness. Container will
                                          be restarted if the probe fails. Cannot
                                          be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
                                        properties:
                                          exec:
                                            description: Exec specifies the action
                                              to take.
                                            properties:
                                              command:
                                                description: Command is the command
                                                  line to execute inside the container,
                                                  the working directory for the command  is
                                                  root ('/') in the container's filesystem.
                                                  The command is simply exec'd, it
                                                  is not run inside a shell, so traditional
                                                  shell instructions ('|', etc) won't
                                                  work. To use a shell, you need to
                                                  explicitly call out to that shell.
                                                  Exit status of 0 is treated as live/healthy
                                                  and non-zero is unhealthy.
                                                items:
                                                  type: string
                                                type: array
                                            type: object
                                          failureThreshold:
                                            description: Minimum consecutive failures
                                              for the probe to be considered failed
                                              after having succeeded. Defaults to
                                              3. Minimum value is 1.
                                            format: int32
                                            type: integer
                                          grpc:
                                            description: GRPC specifies an action
                                              involving a GRPC port. This is a beta
                                              field and requires enabling GRPCContainerProbe
                                              feature gate.
                                            properties:
                                              port:
                                                description: Port number of the gRPC
                                                  service. Number must be in the range
                                                  1 to 65535.
                                                format: int32
                                                type: integer
                                              service:
                                                description: "Service is the name
                                                  of the service to place in the gRPC
                                                  HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
                                                  \n If this is not specified, the
                                                  default behavior is defined by gRPC."
                                                type: string
                                            required:
                                            - port
                                            type: object
                                          httpGet:
                                            description: HTTPGet specifies the http
                                              request to perform.
                                            properties:
                                              host:
                                                description: Host name to connect
                                                  to, defaults to the pod IP. You
                                                  probably want to set "Host" in httpHeaders
                                                  instead.
                                                type: string
                                              httpHeaders:
                                                description: Custom headers to set
                                                  in the request. HTTP allows repeated
                                                  headers.
                                                items:
                                                  description: HTTPHeader describes
                                                    a custom header to be used in
                                                    HTTP probes
                                                  properties:
                                                    name:
                                                      description: The header field
                                                        name
                                                      type: string
                                                    value:
                                                      description: The header field
                                                        value
                                                      type: string
                                                  required:
                                                  - name
                                                  - value
                                                  type: object
                                                type: array
                                              path:
                                                description: Path to access on the
                                                  HTTP server.
                                                type: string
                                              port:
                                                anyOf:
                                                - type: integer
                                                - type: string
                                                description: Name or number of the
                                                  port to access on the container.
                                                  Number must be in the range 1 to
                                                  65535. Name must be an IANA_SVC_NAME.
                                                x-kubernetes-int-or-string: true
                                              scheme:
                                                description: Scheme to use for connecting
                                                  to the host. Defaults to HTTP.
                                                type: string
                                            required:
                                            - port
                                            type: object
                                          initialDelaySeconds:
                                            description: 'Number of seconds after
                                              the container has started before liveness
                                              probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
                                            format: int32
                                            type: integer
                                          periodSeconds:
                                            description: How often (in seconds) to
                                              perform the probe. Default to 10 seconds.
                                              Minimum value is 1.
                                            format: int32
                                            type: integer
                                          successThreshold:
                                            description: Minimum consecutive successes
                                              for the probe to be considered successful
                                              after having failed. Defaults to 1.
                                              Must be 1 for liveness and startup.
                                              Minimum value is 1.
                                            format: int32
                                            type: integer
                                          tcpSocket:
                                            description: TCPSocket specifies an action
                                              involving a TCP port.
                                            properties:
                                              host:
                                                description: 'Optional: Host name
                                                  to connect to, defaults to the pod
                                                  IP.'
                                                type: string
                                              port:
                                                anyOf:
                                                - type: integer
                                                - type: string
                                                description: Number or name of the
                                                  port to access on the container.
                                                  Number must be in the range 1 to
                                                  65535. Name must be an IANA_SVC_NAME.
                                                x-kubernetes-int-or-string: true
                                            required:
                                            - port
                                            type: object
                                          terminationGracePeriodSeconds:
                                            description: Optional duration in seconds
                                              the pod needs to terminate gracefully
                                              upon probe failure. The grace period
                                              is the duration in seconds after the
                                              processes running in the pod are sent
                                              a termination signal and the time when
                                              the processes are forcibly halted with
                                              a kill signal. Set this value longer
                                              than the expected cleanup time for your
                                              process. If this value is nil, the pod's
                                              terminationGracePeriodSeconds will be
                                              used. Otherwise, this value overrides
                                              the value provided by the pod spec.
                                              Value must be non-negative integer.
                                              The value zero indicates stop immediately
                                              via the kill signal (no opportunity
                                              to shut down). This is a beta field
                                              and requires enabling ProbeTerminationGracePeriod
                                              feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds
                                              is used if unset.
                                            format: int64
                                            type: integer
                                          timeoutSeconds:
                                            description: 'Number of seconds after
                                              which the probe times out. Defaults
                                              to 1 second. Minimum value is 1. More
                                              info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
                                            format: int32
                                            type: integer
                                        type: object
                                      name:
                                        description: Name of the container specified
                                          as a DNS_LABEL. Each container in a pod
                                          must have a unique name (DNS_LABEL). Cannot
                                          be updated.
                                        type: string
                                      onError:
                                        description: OnError defines the exiting behavior
                                          of a container on error can be set to [
                                          continue | stopAndFail ] stopAndFail indicates
                                          exit the taskRun if the container exits
                                          with non-zero exit code continue indicates
                                          continue executing the rest of the steps
                                          irrespective of the container exit code
                                        type: string
                                      ports:
                                        description: Deprecated. This field will be
                                          removed in a future release. List of ports
                                          to expose from the container. Exposing a
                                          port here gives the system additional information
                                          about the network connections a container
                                          uses, but is primarily informational. Not
                                          specifying a port here DOES NOT prevent
                                          that port from being exposed. Any port which
                                          is listening on the default "0.0.0.0" address
                                          inside a container will be accessible from
                                          the network. Cannot be updated.
                                        items:
                                          description: ContainerPort represents a
                                            network port in a single container.
                                          properties:
                                            containerPort:
                                              description: Number of port to expose
                                                on the pod's IP address. This must
                                                be a valid port number, 0 < x < 65536.
                                              format: int32
                                              type: integer
                                            hostIP:
                                              description: What host IP to bind the
                                                external port to.
                                              type: string
                                            hostPort:
                                              description: Number of port to expose
                                                on the host. If specified, this must
                                                be a valid port number, 0 < x < 65536.
                                                If HostNetwork is specified, this
                                                must match ContainerPort. Most containers
                                                do not need this.
                                              format: int32
                                              type: integer
                                            name:
                                              description: If specified, this must
                                                be an IANA_SVC_NAME and unique within
                                                the pod. Each named port in a pod
                                                must have a unique name. Name for
                                                the port that can be referred to by
                                                services.
                                              type: string
                                            protocol:
                                              default: TCP
                                              description: Protocol for port. Must
                                                be UDP, TCP, or SCTP. Defaults to
                                                "TCP".
                                              type: string
                                          required:
                                          - containerPort
                                          type: object
                                        type: array
                                        x-kubernetes-list-map-keys:
                                        - containerPort
                                        - protocol
                                        x-kubernetes-list-type: map
                                      readinessProbe:
                                        description: 'Deprecated. This field will
                                          be removed in a future release. Periodic
                                          probe of container service readiness. Container
                                          will be removed from service endpoints if
                                          the probe fails. Cannot be updated. More
                                          info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
                                        properties:
                                          exec:
                                            description: Exec specifies the action
                                              to take.
                                            properties:
                                              command:
                                                description: Command is the command
                                                  line to execute inside the container,
                                                  the working directory for the command  is
                                                  root ('/') in the container's filesystem.
                                                  The command is simply exec'd, it
                                                  is not run inside a shell, so traditional
                                                  shell instructions ('|', etc) won't
                                                  work. To use a shell, you need to
                                                  explicitly call out to that shell.
                                                  Exit status of 0 is treated as live/healthy
                                                  and non-zero is unhealthy.
                                                items:
                                                  type: string
                                                type: array
                                            type: object
                                          failureThreshold:
                                            description: Minimum consecutive failures
                                              for the probe to be considered failed
                                              after having succeeded. Defaults to
                                              3. Minimum value is 1.
                                            format: int32
                                            type: integer
                                          grpc:
                                            description: GRPC specifies an action
                                              involving a GRPC port. This is a beta
                                              field and requires enabling GRPCContainerProbe
                                              feature gate.
                                            properties:
                                              port:
                                                description: Port number of the gRPC
                                                  service. Number must be in the range
                                                  1 to 65535.
                                                format: int32
                                                type: integer
                                              service:
                                                description: "Service is the name
                                                  of the service to place in the gRPC
                                                  HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
                                                  \n If this is not specified, the
                                                  default behavior is defined by gRPC."
                                                type: string
                                            required:
                                            - port
                                            type: object
                                          httpGet:
                                            description: HTTPGet specifies the http
                                              request to perform.
                                            properties:
                                              host:
                                                description: Host name to connect
                                                  to, defaults to the pod IP. You
                                                  probably want to set "Host" in httpHeaders
                                                  instead.
                                                type: string
                                              httpHeaders:
                                                description: Custom headers to set
                                                  in the request. HTTP allows repeated
                                                  headers.
                                                items:
                                                  description: HTTPHeader describes
                                                    a custom header to be used in
                                                    HTTP probes
                                                  properties:
                                                    name:
                                                      description: The header field
                                                        name
                                                      type: string
                                                    value:
                                                      description: The header field
                                                        value
                                                      type: string
                                                  required:
                                                  - name
                                                  - value
                                                  type: object
                                                type: array
                                              path:
                                                description: Path to access on the
                                                  HTTP server.
                                                type: string
                                              port:
                                                anyOf:
                                                - type: integer
                                                - type: string
                                                description: Name or number of the
                                                  port to access on the container.
                                                  Number must be in the range 1 to
                                                  65535. Name must be an IANA_SVC_NAME.
                                                x-kubernetes-int-or-string: true
                                              scheme:
                                                description: Scheme to use for connecting
                                                  to the host. Defaults to HTTP.
                                                type: string
                                            required:
                                            - port
                                            type: object
                                          initialDelaySeconds:
                                            description: 'Number of seconds after
                                              the container has started before liveness
                                              probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
                                            format: int32
                                            type: integer
                                          periodSeconds:
                                            description: How often (in seconds) to
                                              perform the probe. Default to 10 seconds.
                                              Minimum value is 1.
                                            format: int32
                                            type: integer
                                          successThreshold:
                                            description: Minimum consecutive successes
                                              for the probe to be considered successful
                                              after having failed. Defaults to 1.
                                              Must be 1 for liveness and startup.
                                              Minimum value is 1.
                                            format: int32
                                            type: integer
                                          tcpSocket:
                                            description: TCPSocket specifies an action
                                              involving a TCP port.
                                            properties:
                                              host:
                                                description: 'Optional: Host name
                                                  to connect to, defaults to the pod
                                                  IP.'
                                                type: string
                                              port:
                                                anyOf:
                                                - type: integer
                                                - type: string
                                                description: Number or name of the
                                                  port to access on the container.
                                                  Number must be in the range 1 to
                                                  65535. Name must be an IANA_SVC_NAME.
                                                x-kubernetes-int-or-string: true
                                            required:
                                            - port
                                            type: object
                                          terminationGracePeriodSeconds:
                                            description: Optional duration in seconds
                                              the pod needs to terminate gracefully
                                              upon probe failure. The grace period
                                              is the duration in seconds after the
                                              processes running in the pod are sent
                                              a termination signal and the time when
                                              the processes are forcibly halted with
                                              a kill signal. Set this value longer
                                              than the expected cleanup time for your
                                              process. If this value is nil, the pod's
                                              terminationGracePeriodSeconds will be
                                              used. Otherwise, this value overrides
                                              the value provided by the pod spec.
                                              Value must be non-negative integer.
                                              The value zero indicates stop immediately
                                              via the kill signal (no opportunity
                                              to shut down). This is a beta field
                                              and requires enabling ProbeTerminationGracePeriod
                                              feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds
                                              is used if unset.
                                            format: int64
                                            type: integer
                                          timeoutSeconds:
                                            description: 'Number of seconds after
                                              which the probe times out. Defaults
                                              to 1 second. Minimum value is 1. More
                                              info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
                                            format: int32
                                            type: integer
                                        type: object
                                      resources:
                                        description: 'Compute Resources required by
                                          this container. Cannot be updated. More
                                          info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
                                        properties:
                                          limits:
                                            additionalProperties:
                                              anyOf:
                                              - type: integer
                                              - type: string
                                              pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                                              x-kubernetes-int-or-string: true
                                            description: 'Limits describes the maximum
                                              amount of compute resources allowed.
                                              More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
                                            type: object
                                          requests:
                                            additionalProperties:
                                              anyOf:
                                              - type: integer
                                              - type: string
                                              pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                                              x-kubernetes-int-or-string: true
                                            description: 'Requests describes the minimum
                                              amount of compute resources required.
                                              If Requests is omitted for a container,
                                              it defaults to Limits if that is explicitly
                                              specified, otherwise to an implementation-defined
                                              value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
                                            type: object
                                        type: object
                                      script:
                                        description: "Script is the contents of an
                                          executable file to execute. \n If Script
                                          is not empty, the Step cannot have an Command
                                          and the Args will be passed to the Script."
                                        type: string
                                      securityContext:
                                        description: 'SecurityContext defines the
                                          security options the container should be
                                          run with. If set, the fields of SecurityContext
                                          override the equivalent fields of PodSecurityContext.
                                          More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/'
                                        properties:
                                          allowPrivilegeEscalation:
                                            description: 'AllowPrivilegeEscalation
                                              controls whether a process can gain
                                              more privileges than its parent process.
                                              This bool directly controls if the no_new_privs
                                              flag will be set on the container process.
                                              AllowPrivilegeEscalation is true always
                                              when the container is: 1) run as Privileged
                                              2) has CAP_SYS_ADMIN Note that this
                                              field cannot be set when spec.os.name
                                              is windows.'
                                            type: boolean
                                          capabilities:
                                            description: The capabilities to add/drop
                                              when running containers. Defaults to
                                              the default set of capabilities granted
                                              by the container runtime. Note that
                                              this field cannot be set when spec.os.name
                                              is windows.
                                            properties:
                                              add:
                                                description: Added capabilities
                                                items:
                                                  description: Capability represent
                                                    POSIX capabilities type
                                                  type: string
                                                type: array
                                              drop:
                                                description: Removed capabilities
                                                items:
                                                  description: Capability represent
                                                    POSIX capabilities type
                                                  type: string
                                                type: array
                                            type: object
                                          privileged:
                                            description: Run container in privileged
                                              mode. Processes in privileged containers
                                              are essentially equivalent to root on
                                              the host. Defaults to false. Note that
                                              this field cannot be set when spec.os.name
                                              is windows.
                                            type: boolean
                                          procMount:
                                            description: procMount denotes the type
                                              of proc mount to use for the containers.
                                              The default is DefaultProcMount which
                                              uses the container runtime defaults
                                              for readonly paths and masked paths.
                                              This requires the ProcMountType feature
                                              flag to be enabled. Note that this field
                                              cannot be set when spec.os.name is windows.
                                            type: string
                                          readOnlyRootFilesystem:
                                            description: Whether this container has
                                              a read-only root filesystem. Default
                                              is false. Note that this field cannot
                                              be set when spec.os.name is windows.
                                            type: boolean
                                          runAsGroup:
                                            description: The GID to run the entrypoint
                                              of the container process. Uses runtime
                                              default if unset. May also be set in
                                              PodSecurityContext.  If set in both
                                              SecurityContext and PodSecurityContext,
                                              the value specified in SecurityContext
                                              takes precedence. Note that this field
                                              cannot be set when spec.os.name is windows.
                                            format: int64
                                            type: integer
                                          runAsNonRoot:
                                            description: Indicates that the container
                                              must run as a non-root user. If true,
                                              the Kubelet will validate the image
                                              at runtime to ensure that it does not
                                              run as UID 0 (root) and fail to start
                                              the container if it does. If unset or
                                              false, no such validation will be performed.
                                              May also be set in PodSecurityContext.  If
                                              set in both SecurityContext and PodSecurityContext,
                                              the value specified in SecurityContext
                                              takes precedence.
                                            type: boolean
                                          runAsUser:
                                            description: The UID to run the entrypoint
                                              of the container process. Defaults to
                                              user specified in image metadata if
                                              unspecified. May also be set in PodSecurityContext.  If
                                              set in both SecurityContext and PodSecurityContext,
                                              the value specified in SecurityContext
                                              takes precedence. Note that this field
                                              cannot be set when spec.os.name is windows.
                                            format: int64
                                            type: integer
                                          seLinuxOptions:
                                            description: The SELinux context to be
                                              applied to the container. If unspecified,
                                              the container runtime will allocate
                                              a random SELinux context for each container.  May
                                              also be set in PodSecurityContext.  If
                                              set in both SecurityContext and PodSecurityContext,
                                              the value specified in SecurityContext
                                              takes precedence. Note that this field
                                              cannot be set when spec.os.name is windows.
                                            properties:
                                              level:
                                                description: Level is SELinux level
                                                  label that applies to the container.
                                                type: string
                                              role:
                                                description: Role is a SELinux role
                                                  label that applies to the container.
                                                type: string
                                              type:
                                                description: Type is a SELinux type
                                                  label that applies to the container.
                                                type: string
                                              user:
                                                description: User is a SELinux user
                                                  label that applies to the container.
                                                type: string
                                            type: object
                                          seccompProfile:
                                            description: The seccomp options to use
                                              by this container. If seccomp options
                                              are provided at both the pod & container
                                              level, the container options override
                                              the pod options. Note that this field
                                              cannot be set when spec.os.name is windows.
                                            properties:
                                              localhostProfile:
                                                description: localhostProfile indicates
                                                  a profile defined in a file on the
                                                  node should be used. The profile
                                                  must be preconfigured on the node
                                                  to work. Must be a descending path,
                                                  relative to the kubelet's configured
                                                  seccomp profile location. Must only
                                                  be set if type is "Localhost".
                                                type: string
                                              type:
                                                description: "type indicates which
                                                  kind of seccomp profile will be
                                                  applied. Valid options are: \n Localhost
                                                  - a profile defined in a file on
                                                  the node should be used. RuntimeDefault
                                                  - the container runtime default
                                                  profile should be used. Unconfined
                                                  - no profile should be applied."
                                                type: string
                                            required:
                                            - type
                                            type: object
                                          windowsOptions:
                                            description: The Windows specific settings
                                              applied to all containers. If unspecified,
                                              the options from the PodSecurityContext
                                              will be used. If set in both SecurityContext
                                              and PodSecurityContext, the value specified
                                              in SecurityContext takes precedence.
                                              Note that this field cannot be set when
                                              spec.os.name is linux.
                                            properties:
                                              gmsaCredentialSpec:
                                                description: GMSACredentialSpec is
                                                  where the GMSA admission webhook
                                                  (https://github.com/kubernetes-sigs/windows-gmsa)
                                                  inlines the contents of the GMSA
                                                  credential spec named by the GMSACredentialSpecName
                                                  field.
                                                type: string
                                              gmsaCredentialSpecName:
                                                description: GMSACredentialSpecName
                                                  is the name of the GMSA credential
                                                  spec to use.
                                                type: string
                                              hostProcess:
                                                description: HostProcess determines
                                                  if a container should be run as
                                                  a 'Host Process' container. This
                                                  field is alpha-level and will only
                                                  be honored by components that enable
                                                  the WindowsHostProcessContainers
                                                  feature flag. Setting this field
                                                  without the feature flag will result
                                                  in errors when validating the Pod.
                                                  All of a Pod's containers must have
                                                  the same effective HostProcess value
                                                  (it is not allowed to have a mix
                                                  of HostProcess containers and non-HostProcess
                                                  containers).  In addition, if HostProcess
                                                  is true then HostNetwork must also
                                                  be set to true.
                                                type: boolean
                                              runAsUserName:
                                                description: The UserName in Windows
                                                  to run the entrypoint of the container
                                                  process. Defaults to the user specified
                                                  in image metadata if unspecified.
                                                  May also be set in PodSecurityContext.
                                                  If set in both SecurityContext and
                                                  PodSecurityContext, the value specified
                                                  in SecurityContext takes precedence.
                                                type: string
                                            type: object
                                        type: object
                                      startupProbe:
                                        description: 'Deprecated. This field will
                                          be removed in a future release. DeprecatedStartupProbe
                                          indicates that the Pod has successfully
                                          initialized. If specified, no other probes
                                          are executed until this completes successfully.
                                          If this probe fails, the Pod will be restarted,
                                          just as if the livenessProbe failed. This
                                          can be used to provide different probe parameters
                                          at the beginning of a Pod''s lifecycle,
                                          when it might take a long time to load data
                                          or warm a cache, than during steady-state
                                          operation. This cannot be updated. More
                                          info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
                                        properties:
                                          exec:
                                            description: Exec specifies the action
                                              to take.
                                            properties:
                                              command:
                                                description: Command is the command
                                                  line to execute inside the container,
                                                  the working directory for the command  is
                                                  root ('/') in the container's filesystem.
                                                  The command is simply exec'd, it
                                                  is not run inside a shell, so traditional
                                                  shell instructions ('|', etc) won't
                                                  work. To use a shell, you need to
                                                  explicitly call out to that shell.
                                                  Exit status of 0 is treated as live/healthy
                                                  and non-zero is unhealthy.
                                                items:
                                                  type: string
                                                type: array
                                            type: object
                                          failureThreshold:
                                            description: Minimum consecutive failures
                                              for the probe to be considered failed
                                              after having succeeded. Defaults to
                                              3. Minimum value is 1.
                                            format: int32
                                            type: integer
                                          grpc:
                                            description: GRPC specifies an action
                                              involving a GRPC port. This is a beta
                                              field and requires enabling GRPCContainerProbe
                                              feature gate.
                                            properties:
                                              port:
                                                description: Port number of the gRPC
                                                  service. Number must be in the range
                                                  1 to 65535.
                                                format: int32
                                                type: integer
                                              service:
                                                description: "Service is the name
                                                  of the service to place in the gRPC
                                                  HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
                                                  \n If this is not specified, the
                                                  default behavior is defined by gRPC."
                                                type: string
                                            required:
                                            - port
                                            type: object
                                          httpGet:
                                            description: HTTPGet specifies the http
                                              request to perform.
                                            properties:
                                              host:
                                                description: Host name to connect
                                                  to, defaults to the pod IP. You
                                                  probably want to set "Host" in httpHeaders
                                                  instead.
                                                type: string
                                              httpHeaders:
                                                description: Custom headers to set
                                                  in the request. HTTP allows repeated
                                                  headers.
                                                items:
                                                  description: HTTPHeader describes
                                                    a custom header to be used in
                                                    HTTP probes
                                                  properties:
                                                    name:
                                                      description: The header field
                                                        name
                                                      type: string
                                                    value:
                                                      description: The header field
                                                        value
                                                      type: string
                                                  required:
                                                  - name
                                                  - value
                                                  type: object
                                                type: array
                                              path:
                                                description: Path to access on the
                                                  HTTP server.
                                                type: string
                                              port:
                                                anyOf:
                                                - type: integer
                                                - type: string
                                                description: Name or number of the
                                                  port to access on the container.
                                                  Number must be in the range 1 to
                                                  65535. Name must be an IANA_SVC_NAME.
                                                x-kubernetes-int-or-string: true
                                              scheme:
                                                description: Scheme to use for connecting
                                                  to the host. Defaults to HTTP.
                                                type: string
                                            required:
                                            - port
                                            type: object
                                          initialDelaySeconds:
                                            description: 'Number of seconds after
                                              the container has started before liveness
                                              probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
                                            format: int32
                                            type: integer
                                          periodSeconds:
                                            description: How often (in seconds) to
                                              perform the probe. Default to 10 seconds.
                                              Minimum value is 1.
                                            format: int32
                                            type: integer
                                          successThreshold:
                                            description: Minimum consecutive successes
                                              for the probe to be considered successful
                                              after having failed. Defaults to 1.
                                              Must be 1 for liveness and startup.
                                              Minimum value is 1.
                                            format: int32
                                            type: integer
                                          tcpSocket:
                                            description: TCPSocket specifies an action
                                              involving a TCP port.
                                            properties:
                                              host:
                                                description: 'Optional: Host name
                                                  to connect to, defaults to the pod
                                                  IP.'
                                                type: string
                                              port:
                                                anyOf:
                                                - type: integer
                                                - type: string
                                                description: Number or name of the
                                                  port to access on the container.
                                                  Number must be in the range 1 to
                                                  65535. Name must be an IANA_SVC_NAME.
                                                x-kubernetes-int-or-string: true
                                            required:
                                            - port
                                            type: object
                                          terminationGracePeriodSeconds:
                                            description: Optional duration in seconds
                                              the pod needs to terminate gracefully
                                              upon probe failure. The grace period
                                              is the duration in seconds after the
                                              processes running in the pod are sent
                                              a termination signal and the time when
                                              the processes are forcibly halted with
                                              a kill signal. Set this value longer
                                              than the expected cleanup time for your
                                              process. If this value is nil, the pod's
                                              terminationGracePeriodSeconds will be
                                              used. Otherwise, this value overrides
                                              the value provided by the pod spec.
                                              Value must be non-negative integer.
                                              The value zero indicates stop immediately
                                              via the kill signal (no opportunity
                                              to shut down). This is a beta field
                                              and requires enabling ProbeTerminationGracePeriod
                                              feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds
                                              is used if unset.
                                            format: int64
                                            type: integer
                                          timeoutSeconds:
                                            description: 'Number of seconds after
                                              which the probe times out. Defaults
                                              to 1 second. Minimum value is 1. More
                                              info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
                                            format: int32
                                            type: integer
                                        type: object
                                      stdin:
                                        description: Deprecated. This field will be
                                          removed in a future release. Whether this
                                          container should allocate a buffer for stdin
                                          in the container runtime. If this is not
                                          set, reads from stdin in the container will
                                          always result in EOF. Default is false.
                                        type: boolean
                                      stdinOnce:
                                        description: Deprecated. This field will be
                                          removed in a future release. Whether the
                                          container runtime should close the stdin
                                          channel after it has been opened by a single
                                          attach. When stdin is true the stdin stream
                                          will remain open across multiple attach
                                          sessions. If stdinOnce is set to true, stdin
                                          is opened on container start, is empty until
                                          the first client attaches to stdin, and
                                          then remains open and accepts data until
                                          the client disconnects, at which time stdin
                                          is closed and remains closed until the container
                                          is restarted. If this flag is false, a container
                                          processes that reads from stdin will never
                                          receive an EOF. Default is false
                                        type: boolean
                                      terminationMessagePath:
                                        description: 'Deprecated. This field will
                                          be removed in a future release. Optional:
                                          Path at which the file to which the container''s
                                          termination message will be written is mounted
                                          into the container''s filesystem. Message
                                          written is intended to be brief final status,
                                          such as an assertion failure message. Will
                                          be truncated by the node if greater than
                                          4096 bytes. The total message length across
                                          all containers will be limited to 12kb.
                                          Defaults to /dev/termination-log. Cannot
                                          be updated.'
                                        type: string
                                      terminationMessagePolicy:
                                        description: Deprecated. This field will be
                                          removed in a future release. Indicate how
                                          the termination message should be populated.
                                          File will use the contents of terminationMessagePath
                                          to populate the container status message
                                          on both success and failure. FallbackToLogsOnError
                                          will use the last chunk of container log
                                          output if the termination message file is
                                          empty and the container exited with an error.
                                          The log output is limited to 2048 bytes
                                          or 80 lines, whichever is smaller. Defaults
                                          to File. Cannot be updated.
                                        type: string
                                      timeout:
                                        description: 'Timeout is the time after which
                                          the step times out. Defaults to never. Refer
                                          to Go''s ParseDuration documentation for
                                          expected format: https://golang.org/pkg/time/#ParseDuration'
                                        type: string
                                      tty:
                                        description: Deprecated. This field will be
                                          removed in a future release. Whether this
                                          container should allocate a DeprecatedTTY
                                          for itself, also requires 'stdin' to be
                                          true. Default is false.
                                        type: boolean
                                      volumeDevices:
                                        description: volumeDevices is the list of
                                          block devices to be used by the container.
                                        items:
                                          description: volumeDevice describes a mapping
                                            of a raw block device within a container.
                                          properties:
                                            devicePath:
                                              description: devicePath is the path
                                                inside of the container that the device
                                                will be mapped to.
                                              type: string
                                            name:
                                              description: name must match the name
                                                of a persistentVolumeClaim in the
                                                pod
                                              type: string
                                          required:
                                          - devicePath
                                          - name
                                          type: object
                                        type: array
                                        x-kubernetes-list-type: atomic
                                      volumeMounts:
                                        description: Pod volumes to mount into the
                                          container's filesystem. Cannot be updated.
                                        items:
                                          description: VolumeMount describes a mounting
                                            of a Volume within a container.
                                          properties:
                                            mountPath:
                                              description: Path within the container
                                                at which the volume should be mounted.  Must
                                                not contain ':'.
                                              type: string
                                            mountPropagation:
                                              description: mountPropagation determines
                                                how mounts are propagated from the
                                                host to container and the other way
                                                around. When not set, MountPropagationNone
                                                is used. This field is beta in 1.10.
                                              type: string
                                            name:
                                              description: This must match the Name
                                                of a Volume.
                                              type: string
                                            readOnly:
                                              description: Mounted read-only if true,
                                                read-write otherwise (false or unspecified).
                                                Defaults to false.
                                              type: boolean
                                            subPath:
                                              description: Path within the volume
                                                from which the container's volume
                                                should be mounted. Defaults to ""
                                                (volume's root).
                                              type: string
                                            subPathExpr:
                                              description: Expanded path within the
                                                volume from which the container's
                                                volume should be mounted. Behaves
                                                similarly to SubPath but environment
                                                variable references $(VAR_NAME) are
                                                expanded using the container's environment.
                                                Defaults to "" (volume's root). SubPathExpr
                                                and SubPath are mutually exclusive.
                                              type: string
                                          required:
                                          - mountPath
                                          - name
                                          type: object
                                        type: array
                                        x-kubernetes-list-type: atomic
                                      workingDir:
                                        description: Container's working directory.
                                          If not specified, the container runtime's
                                          default will be used, which might be configured
                                          in the container image. Cannot be updated.
                                        type: string
                                      workspaces:
                                        description: "This is an alpha field. You
                                          must set the \"enable-api-fields\" feature
                                          flag to \"alpha\" for this field to be supported.
                                          \n Workspaces is a list of workspaces from
                                          the Task that this Step wants exclusive
                                          access to. Adding a workspace to this list
                                          means that any other Step or Sidecar that
                                          does not also request this Workspace will
                                          not have access to it."
                                        items:
                                          description: WorkspaceUsage is used by a
                                            Step or Sidecar to declare that it wants
                                            isolated access to a Workspace defined
                                            in a Task.
                                          properties:
                                            mountPath:
                                              description: MountPath is the path that
                                                the workspace should be mounted to
                                                inside the Step or Sidecar, overriding
                                                any MountPath specified in the Task's
                                                WorkspaceDeclaration.
                                              type: string
                                            name:
                                              description: Name is the name of the
                                                workspace this Step or Sidecar wants
                                                access to.
                                              type: string
                                          required:
                                          - mountPath
                                          - name
                                          type: object
                                        type: array
                                        x-kubernetes-list-type: atomic
                                    required:
                                    - name
                                    type: object
                                  type: array
                                  x-kubernetes-list-type: atomic
                                volumes:
                                  description: Volumes is a collection of volumes
                                    that are available to mount into the steps of
                                    the build.
                                  items:
                                    description: Volume represents a named volume
                                      in a pod that may be accessed by any container
                                      in the pod.
                                    properties:
                                      awsElasticBlockStore:
                                        description: 'awsElasticBlockStore represents
                                          an AWS Disk resource that is attached to
                                          a kubelet''s host machine and then exposed
                                          to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore'
                                        properties:
                                          fsType:
                                            description: 'fsType is the filesystem
                                              type of the volume that you want to
                                              mount. Tip: Ensure that the filesystem
                                              type is supported by the host operating
                                              system. Examples: "ext4", "xfs", "ntfs".
                                              Implicitly inferred to be "ext4" if
                                              unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
                                              TODO: how do we prevent errors in the
                                              filesystem from compromising the machine'
                                            type: string
                                          partition:
                                            description: 'partition is the partition
                                              in the volume that you want to mount.
                                              If omitted, the default is to mount
                                              by volume name. Examples: For volume
                                              /dev/sda1, you specify the partition
                                              as "1". Similarly, the volume partition
                                              for /dev/sda is "0" (or you can leave
                                              the property empty).'
                                            format: int32
                                            type: integer
                                          readOnly:
                                            description: 'readOnly value true will
                                              force the readOnly setting in VolumeMounts.
                                              More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore'
                                            type: boolean
                                          volumeID:
                                            description: 'volumeID is unique ID of
                                              the persistent disk resource in AWS
                                              (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore'
                                            type: string
                                        required:
                                        - volumeID
                                        type: object
                                      azureDisk:
                                        description: azureDisk represents an Azure
                                          Data Disk mount on the host and bind mount
                                          to the pod.
                                        properties:
                                          cachingMode:
                                            description: 'cachingMode is the Host
                                              Caching mode: None, Read Only, Read
                                              Write.'
                                            type: string
                                          diskName:
                                            description: diskName is the Name of the
                                              data disk in the blob storage
                                            type: string
                                          diskURI:
                                            description: diskURI is the URI of data
                                              disk in the blob storage
                                            type: string
                                          fsType:
                                            description: fsType is Filesystem type
                                              to mount. Must be a filesystem type
                                              supported by the host operating system.
                                              Ex. "ext4", "xfs", "ntfs". Implicitly
                                              inferred to be "ext4" if unspecified.
                                            type: string
                                          kind:
                                            description: 'kind expected values are
                                              Shared: multiple blob disks per storage
                                              account  Dedicated: single blob disk
                                              per storage account  Managed: azure
                                              managed data disk (only in managed availability
                                              set). defaults to shared'
                                            type: string
                                          readOnly:
                                            description: readOnly Defaults to false
                                              (read/write). ReadOnly here will force
                                              the ReadOnly setting in VolumeMounts.
                                            type: boolean
                                        required:
                                        - diskName
                                        - diskURI
                                        type: object
                                      azureFile:
                                        description: azureFile represents an Azure
                                          File Service mount on the host and bind
                                          mount to the pod.
                                        properties:
                                          readOnly:
                                            description: readOnly defaults to false
                                              (read/write). ReadOnly here will force
                                              the ReadOnly setting in VolumeMounts.
                                            type: boolean
                                          secretName:
                                            description: secretName is the  name of
                                              secret that contains Azure Storage Account
                                              Name and Key
                                            type: string
                                          shareName:
                                            description: shareName is the azure share
                                              Name
                                            type: string
                                        required:
                                        - secretName
                                        - shareName
                                        type: object
                                      cephfs:
                                        description: cephFS represents a Ceph FS mount
                                          on the host that shares a pod's lifetime
                                        properties:
                                          monitors:
                                            description: 'monitors is Required: Monitors
                                              is a collection of Ceph monitors More
                                              info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
                                            items:
                                              type: string
                                            type: array
                                          path:
                                            description: 'path is Optional: Used as
                                              the mounted root, rather than the full
                                              Ceph tree, default is /'
                                            type: string
                                          readOnly:
                                            description: 'readOnly is Optional: Defaults
                                              to false (read/write). ReadOnly here
                                              will force the ReadOnly setting in VolumeMounts.
                                              More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
                                            type: boolean
                                          secretFile:
                                            description: 'secretFile is Optional:
                                              SecretFile is the path to key ring for
                                              User, default is /etc/ceph/user.secret
                                              More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
                                            type: string
                                          secretRef:
                                            description: 'secretRef is Optional: SecretRef
                                              is reference to the authentication secret
                                              for User, default is empty. More info:
                                              https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
                                            properties:
                                              name:
                                                description: 'Name of the referent.
                                                  More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                                  TODO: Add other useful fields. apiVersion,
                                                  kind, uid?'
                                                type: string
                                            type: object
                                          user:
                                            description: 'user is optional: User is
                                              the rados user name, default is admin
                                              More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
                                            type: string
                                        required:
                                        - monitors
                                        type: object
                                      cinder:
                                        description: 'cinder represents a cinder volume
                                          attached and mounted on kubelets host machine.
                                          More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
                                        properties:
                                          fsType:
                                            description: 'fsType is the filesystem
                                              type to mount. Must be a filesystem
                                              type supported by the host operating
                                              system. Examples: "ext4", "xfs", "ntfs".
                                              Implicitly inferred to be "ext4" if
                                              unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
                                            type: string
                                          readOnly:
                                            description: 'readOnly defaults to false
                                              (read/write). ReadOnly here will force
                                              the ReadOnly setting in VolumeMounts.
                                              More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
                                            type: boolean
                                          secretRef:
                                            description: 'secretRef is optional: points
                                              to a secret object containing parameters
                                              used to connect to OpenStack.'
                                            properties:
                                              name:
                                                description: 'Name of the referent.
                                                  More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                                  TODO: Add other useful fields. apiVersion,
                                                  kind, uid?'
                                                type: string
                                            type: object
                                          volumeID:
                                            description: 'volumeID used to identify
                                              the volume in cinder. More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
                                            type: string
                                        required:
                                        - volumeID
                                        type: object
                                      configMap:
                                        description: configMap represents a configMap
                                          that should populate this volume
                                        properties:
                                          defaultMode:
                                            description: 'defaultMode is optional:
                                              mode bits used to set permissions on
                                              created files by default. Must be an
                                              octal value between 0000 and 0777 or
                                              a decimal value between 0 and 511. YAML
                                              accepts both octal and decimal values,
                                              JSON requires decimal values for mode
                                              bits. Defaults to 0644. Directories
                                              within the path are not affected by
                                              this setting. This might be in conflict
                                              with other options that affect the file
                                              mode, like fsGroup, and the result can
                                              be other mode bits set.'
                                            format: int32
                                            type: integer
                                          items:
                                            description: items if unspecified, each
                                              key-value pair in the Data field of
                                              the referenced ConfigMap will be projected
                                              into the volume as a file whose name
                                              is the key and content is the value.
                                              If specified, the listed keys will be
                                              projected into the specified paths,
                                              and unlisted keys will not be present.
                                              If a key is specified which is not present
                                              in the ConfigMap, the volume setup will
                                              error unless it is marked optional.
                                              Paths must be relative and may not contain
                                              the '..' path or start with '..'.
                                            items:
                                              description: Maps a string key to a
                                                path within a volume.
                                              properties:
                                                key:
                                                  description: key is the key to project.
                                                  type: string
                                                mode:
                                                  description: 'mode is Optional:
                                                    mode bits used to set permissions
                                                    on this file. Must be an octal
                                                    value between 0000 and 0777 or
                                                    a decimal value between 0 and
                                                    511. YAML accepts both octal and
                                                    decimal values, JSON requires
                                                    decimal values for mode bits.
                                                    If not specified, the volume defaultMode
                                                    will be used. This might be in
                                                    conflict with other options that
                                                    affect the file mode, like fsGroup,
                                                    and the result can be other mode
                                                    bits set.'
                                                  format: int32
                                                  type: integer
                                                path:
                                                  description: path is the relative
                                                    path of the file to map the key
                                                    to. May not be an absolute path.
                                                    May not contain the path element
                                                    '..'. May not start with the string
                                                    '..'.
                                                  type: string
                                              required:
                                              - key
                                              - path
                                              type: object
                                            type: array
                                          name:
                                            description: 'Name of the referent. More
                                              info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                              TODO: Add other useful fields. apiVersion,
                                              kind, uid?'
                                            type: string
                                          optional:
                                            description: optional specify whether
                                              the ConfigMap or its keys must be defined
                                            type: boolean
                                        type: object
                                      csi:
                                        description: csi (Container Storage Interface)
                                          represents ephemeral storage that is handled
                                          by certain external CSI drivers (Beta feature).
                                        properties:
                                          driver:
                                            description: driver is the name of the
                                              CSI driver that handles this volume.
                                              Consult with your admin for the correct
                                              name as registered in the cluster.
                                            type: string
                                          fsType:
                                            description: fsType to mount. Ex. "ext4",
                                              "xfs", "ntfs". If not provided, the
                                              empty value is passed to the associated
                                              CSI driver which will determine the
                                              default filesystem to apply.
                                            type: string
                                          nodePublishSecretRef:
                                            description: nodePublishSecretRef is a
                                              reference to the secret object containing
                                              sensitive information to pass to the
                                              CSI driver to complete the CSI NodePublishVolume
                                              and NodeUnpublishVolume calls. This
                                              field is optional, and  may be empty
                                              if no secret is required. If the secret
                                              object contains more than one secret,
                                              all secret references are passed.
                                            properties:
                                              name:
                                                description: 'Name of the referent.
                                                  More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                                  TODO: Add other useful fields. apiVersion,
                                                  kind, uid?'
                                                type: string
                                            type: object
                                          readOnly:
                                            description: readOnly specifies a read-only
                                              configuration for the volume. Defaults
                                              to false (read/write).
                                            type: boolean
                                          volumeAttributes:
                                            additionalProperties:
                                              type: string
                                            description: volumeAttributes stores driver-specific
                                              properties that are passed to the CSI
                                              driver. Consult your driver's documentation
                                              for supported values.
                                            type: object
                                        required:
                                        - driver
                                        type: object
                                      downwardAPI:
                                        description: downwardAPI represents downward
                                          API about the pod that should populate this
                                          volume
                                        properties:
                                          defaultMode:
                                            description: 'Optional: mode bits to use
                                              on created files by default. Must be
                                              a Optional: mode bits used to set permissions
                                              on created files by default. Must be
                                              an octal value between 0000 and 0777
                                              or a decimal value between 0 and 511.
                                              YAML accepts both octal and decimal
                                              values, JSON requires decimal values
                                              for mode bits. Defaults to 0644. Directories
                                              within the path are not affected by
                                              this setting. This might be in conflict
                                              with other options that affect the file
                                              mode, like fsGroup, and the result can
                                              be other mode bits set.'
                                            format: int32
                                            type: integer
                                          items:
                                            description: Items is a list of downward
                                              API volume file
                                            items:
                                              description: DownwardAPIVolumeFile represents
                                                information to create the file containing
                                                the pod field
                                              properties:
                                                fieldRef:
                                                  description: 'Required: Selects
                                                    a field of the pod: only annotations,
                                                    labels, name and namespace are
                                                    supported.'
                                                  properties:
                                                    apiVersion:
                                                      description: Version of the
                                                        schema the FieldPath is written
                                                        in terms of, defaults to "v1".
                                                      type: string
                                                    fieldPath:
                                                      description: Path of the field
                                                        to select in the specified
                                                        API version.
                                                      type: string
                                                  required:
                                                  - fieldPath
                                                  type: object
                                                mode:
                                                  description: 'Optional: mode bits
                                                    used to set permissions on this
                                                    file, must be an octal value between
                                                    0000 and 0777 or a decimal value
                                                    between 0 and 511. YAML accepts
                                                    both octal and decimal values,
                                                    JSON requires decimal values for
                                                    mode bits. If not specified, the
                                                    volume defaultMode will be used.
                                                    This might be in conflict with
                                                    other options that affect the
                                                    file mode, like fsGroup, and the
                                                    result can be other mode bits
                                                    set.'
                                                  format: int32
                                                  type: integer
                                                path:
                                                  description: 'Required: Path is  the
                                                    relative path name of the file
                                                    to be created. Must not be absolute
                                                    or contain the ''..'' path. Must
                                                    be utf-8 encoded. The first item
                                                    of the relative path must not
                                                    start with ''..'''
                                                  type: string
                                                resourceFieldRef:
                                                  description: 'Selects a resource
                                                    of the container: only resources
                                                    limits and requests (limits.cpu,
                                                    limits.memory, requests.cpu and
                                                    requests.memory) are currently
                                                    supported.'
                                                  properties:
                                                    containerName:
                                                      description: 'Container name:
                                                        required for volumes, optional
                                                        for env vars'
                                                      type: string
                                                    divisor:
                                                      anyOf:
                                                      - type: integer
                                                      - type: string
                                                      description: Specifies the output
                                                        format of the exposed resources,
                                                        defaults to "1"
                                                      pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                                                      x-kubernetes-int-or-string: true
                                                    resource:
                                                      description: 'Required: resource
                                                        to select'
                                                      type: string
                                                  required:
                                                  - resource
                                                  type: object
                                              required:
                                              - path
                                              type: object
                                            type: array
                                        type: object
                                      emptyDir:
                                        description: 'emptyDir represents a temporary
                                          directory that shares a pod''s lifetime.
                                          More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir'
                                        properties:
                                          medium:
                                            description: 'medium represents what type
                                              of storage medium should back this directory.
                                              The default is "" which means to use
                                              the node''s default medium. Must be
                                              an empty string (default) or Memory.
                                              More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir'
                                            type: string
                                          sizeLimit:
                                            anyOf:
                                            - type: integer
                                            - type: string
                                            description: 'sizeLimit is the total amount
                                              of local storage required for this EmptyDir
                                              volume. The size limit is also applicable
                                              for memory medium. The maximum usage
                                              on memory medium EmptyDir would be the
                                              minimum value between the SizeLimit
                                              specified here and the sum of memory
                                              limits of all containers in a pod. The
                                              default is nil which means that the
                                              limit is undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir'
                                            pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                                            x-kubernetes-int-or-string: true
                                        type: object
                                      ephemeral:
                                        description: "ephemeral represents a volume
                                          that is handled by a cluster storage driver.
                                          The volume's lifecycle is tied to the pod
                                          that defines it - it will be created before
                                          the pod starts, and deleted when the pod
                                          is removed. \n Use this if: a) the volume
                                          is only needed while the pod runs, b) features
                                          of normal volumes like restoring from snapshot
                                          or capacity    tracking are needed, c) the
                                          storage driver is specified through a storage
                                          class, and d) the storage driver supports
                                          dynamic volume provisioning through    a
                                          PersistentVolumeClaim (see EphemeralVolumeSource
                                          for more    information on the connection
                                          between this volume type    and PersistentVolumeClaim).
                                          \n Use PersistentVolumeClaim or one of the
                                          vendor-specific APIs for volumes that persist
                                          for longer than the lifecycle of an individual
                                          pod. \n Use CSI for light-weight local ephemeral
                                          volumes if the CSI driver is meant to be
                                          used that way - see the documentation of
                                          the driver for more information. \n A pod
                                          can use both types of ephemeral volumes
                                          and persistent volumes at the same time."
                                        properties:
                                          volumeClaimTemplate:
                                            description: "Will be used to create a
                                              stand-alone PVC to provision the volume.
                                              The pod in which this EphemeralVolumeSource
                                              is embedded will be the owner of the
                                              PVC, i.e. the PVC will be deleted together
                                              with the pod.  The name of the PVC will
                                              be `<pod name>-<volume name>` where
                                              `<volume name>` is the name from the
                                              `PodSpec.Volumes` array entry. Pod validation
                                              will reject the pod if the concatenated
                                              name is not valid for a PVC (for example,
                                              too long). \n An existing PVC with that
                                              name that is not owned by the pod will
                                              *not* be used for the pod to avoid using
                                              an unrelated volume by mistake. Starting
                                              the pod is then blocked until the unrelated
                                              PVC is removed. If such a pre-created
                                              PVC is meant to be used by the pod,
                                              the PVC has to updated with an owner
                                              reference to the pod once the pod exists.
                                              Normally this should not be necessary,
                                              but it may be useful when manually reconstructing
                                              a broken cluster. \n This field is read-only
                                              and no changes will be made by Kubernetes
                                              to the PVC after it has been created.
                                              \n Required, must not be nil."
                                            properties:
                                              metadata:
                                                description: May contain labels and
                                                  annotations that will be copied
                                                  into the PVC when creating it. No
                                                  other fields are allowed and will
                                                  be rejected during validation.
                                                type: object
                                              spec:
                                                description: The specification for
                                                  the PersistentVolumeClaim. The entire
                                                  content is copied unchanged into
                                                  the PVC that gets created from this
                                                  template. The same fields as in
                                                  a PersistentVolumeClaim are also
                                                  valid here.
                                                properties:
                                                  accessModes:
                                                    description: 'accessModes contains
                                                      the desired access modes the
                                                      volume should have. More info:
                                                      https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1'
                                                    items:
                                                      type: string
                                                    type: array
                                                  dataSource:
                                                    description: 'dataSource field
                                                      can be used to specify either:
                                                      * An existing VolumeSnapshot
                                                      object (snapshot.storage.k8s.io/VolumeSnapshot)
                                                      * An existing PVC (PersistentVolumeClaim)
                                                      If the provisioner or an external
                                                      controller can support the specified
                                                      data source, it will create
                                                      a new volume based on the contents
                                                      of the specified data source.
                                                      If the AnyVolumeDataSource feature
                                                      gate is enabled, this field
                                                      will always have the same contents
                                                      as the DataSourceRef field.'
                                                    properties:
                                                      apiGroup:
                                                        description: APIGroup is the
                                                          group for the resource being
                                                          referenced. If APIGroup
                                                          is not specified, the specified
                                                          Kind must be in the core
                                                          API group. For any other
                                                          third-party types, APIGroup
                                                          is required.
                                                        type: string
                                                      kind:
                                                        description: Kind is the type
                                                          of resource being referenced
                                                        type: string
                                                      name:
                                                        description: Name is the name
                                                          of resource being referenced
                                                        type: string
                                                    required:
                                                    - kind
                                                    - name
                                                    type: object
                                                  dataSourceRef:
                                                    description: 'dataSourceRef specifies
                                                      the object from which to populate
                                                      the volume with data, if a non-empty
                                                      volume is desired. This may
                                                      be any local object from a non-empty
                                                      API group (non core object)
                                                      or a PersistentVolumeClaim object.
                                                      When this field is specified,
                                                      volume binding will only succeed
                                                      if the type of the specified
                                                      object matches some installed
                                                      volume populator or dynamic
                                                      provisioner. This field will
                                                      replace the functionality of
                                                      the DataSource field and as
                                                      such if both fields are non-empty,
                                                      they must have the same value.
                                                      For backwards compatibility,
                                                      both fields (DataSource and
                                                      DataSourceRef) will be set to
                                                      the same value automatically
                                                      if one of them is empty and
                                                      the other is non-empty. There
                                                      are two important differences
                                                      between DataSource and DataSourceRef:
                                                      * While DataSource only allows
                                                      two specific types of objects,
                                                      DataSourceRef   allows any non-core
                                                      object, as well as PersistentVolumeClaim
                                                      objects. * While DataSource
                                                      ignores disallowed values (dropping
                                                      them), DataSourceRef   preserves
                                                      all values, and generates an
                                                      error if a disallowed value
                                                      is   specified. (Beta) Using
                                                      this field requires the AnyVolumeDataSource
                                                      feature gate to be enabled.'
                                                    properties:
                                                      apiGroup:
                                                        description: APIGroup is the
                                                          group for the resource being
                                                          referenced. If APIGroup
                                                          is not specified, the specified
                                                          Kind must be in the core
                                                          API group. For any other
                                                          third-party types, APIGroup
                                                          is required.
                                                        type: string
                                                      kind:
                                                        description: Kind is the type
                                                          of resource being referenced
                                                        type: string
                                                      name:
                                                        description: Name is the name
                                                          of resource being referenced
                                                        type: string
                                                    required:
                                                    - kind
                                                    - name
                                                    type: object
                                                  resources:
                                                    description: 'resources represents
                                                      the minimum resources the volume
                                                      should have. If RecoverVolumeExpansionFailure
                                                      feature is enabled users are
                                                      allowed to specify resource
                                                      requirements that are lower
                                                      than previous value but must
                                                      still be higher than capacity
                                                      recorded in the status field
                                                      of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources'
                                                    properties:
                                                      limits:
                                                        additionalProperties:
                                                          anyOf:
                                                          - type: integer
                                                          - type: string
                                                          pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                                                          x-kubernetes-int-or-string: true
                                                        description: 'Limits describes
                                                          the maximum amount of compute
                                                          resources allowed. More
                                                          info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
                                                        type: object
                                                      requests:
                                                        additionalProperties:
                                                          anyOf:
                                                          - type: integer
                                                          - type: string
                                                          pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                                                          x-kubernetes-int-or-string: true
                                                        description: 'Requests describes
                                                          the minimum amount of compute
                                                          resources required. If Requests
                                                          is omitted for a container,
                                                          it defaults to Limits if
                                                          that is explicitly specified,
                                                          otherwise to an implementation-defined
                                                          value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
                                                        type: object
                                                    type: object
                                                  selector:
                                                    description: selector is a label
                                                      query over volumes to consider
                                                      for binding.
                                                    properties:
                                                      matchExpressions:
                                                        description: matchExpressions
                                                          is a list of label selector
                                                          requirements. The requirements
                                                          are ANDed.
                                                        items:
                                                          description: A label selector
                                                            requirement is a selector
                                                            that contains values,
                                                            a key, and an operator
                                                            that relates the key and
                                                            values.
                                                          properties:
                                                            key:
                                                              description: key is
                                                                the label key that
                                                                the selector applies
                                                                to.
                                                              type: string
                                                            operator:
                                                              description: operator
                                                                represents a key's
                                                                relationship to a
                                                                set of values. Valid
                                                                operators are In,
                                                                NotIn, Exists and
                                                                DoesNotExist.
                                                              type: string
                                                            values:
                                                              description: values
                                                                is an array of string
                                                                values. If the operator
                                                                is In or NotIn, the
                                                                values array must
                                                                be non-empty. If the
                                                                operator is Exists
                                                                or DoesNotExist, the
                                                                values array must
                                                                be empty. This array
                                                                is replaced during
                                                                a strategic merge
                                                                patch.
                                                              items:
                                                                type: string
                                                              type: array
                                                          required:
                                                          - key
                                                          - operator
                                                          type: object
                                                        type: array
                                                      matchLabels:
                                                        additionalProperties:
                                                          type: string
                                                        description: matchLabels is
                                                          a map of {key,value} pairs.
                                                          A single {key,value} in
                                                          the matchLabels map is equivalent
                                                          to an element of matchExpressions,
                                                          whose key field is "key",
                                                          the operator is "In", and
                                                          the values array contains
                                                          only "value". The requirements
                                                          are ANDed.
                                                        type: object
                                                    type: object
                                                  storageClassName:
                                                    description: 'storageClassName
                                                      is the name of the StorageClass
                                                      required by the claim. More
                                                      info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1'
                                                    type: string
                                                  volumeMode:
                                                    description: volumeMode defines
                                                      what type of volume is required
                                                      by the claim. Value of Filesystem
                                                      is implied when not included
                                                      in claim spec.
                                                    type: string
                                                  volumeName:
                                                    description: volumeName is the
                                                      binding reference to the PersistentVolume
                                                      backing this claim.
                                                    type: string
                                                type: object
                                            required:
                                            - spec
                                            type: object
                                        type: object
                                      fc:
                                        description: fc represents a Fibre Channel
                                          resource that is attached to a kubelet's
                                          host machine and then exposed to the pod.
                                        properties:
                                          fsType:
                                            description: 'fsType is the filesystem
                                              type to mount. Must be a filesystem
                                              type supported by the host operating
                                              system. Ex. "ext4", "xfs", "ntfs". Implicitly
                                              inferred to be "ext4" if unspecified.
                                              TODO: how do we prevent errors in the
                                              filesystem from compromising the machine'
                                            type: string
                                          lun:
                                            description: 'lun is Optional: FC target
                                              lun number'
                                            format: int32
                                            type: integer
                                          readOnly:
                                            description: 'readOnly is Optional: Defaults
                                              to false (read/write). ReadOnly here
                                              will force the ReadOnly setting in VolumeMounts.'
                                            type: boolean
                                          targetWWNs:
                                            description: 'targetWWNs is Optional:
                                              FC target worldwide names (WWNs)'
                                            items:
                                              type: string
                                            type: array
                                          wwids:
                                            description: 'wwids Optional: FC volume
                                              world wide identifiers (wwids) Either
                                              wwids or combination of targetWWNs and
                                              lun must be set, but not both simultaneously.'
                                            items:
                                              type: string
                                            type: array
                                        type: object
                                      flexVolume:
                                        description: flexVolume represents a generic
                                          volume resource that is provisioned/attached
                                          using an exec based plugin.
                                        properties:
                                          driver:
                                            description: driver is the name of the
                                              driver to use for this volume.
                                            type: string
                                          fsType:
                                            description: fsType is the filesystem
                                              type to mount. Must be a filesystem
                                              type supported by the host operating
                                              system. Ex. "ext4", "xfs", "ntfs". The
                                              default filesystem depends on FlexVolume
                                              script.
                                            type: string
                                          options:
                                            additionalProperties:
                                              type: string
                                            description: 'options is Optional: this
                                              field holds extra command options if
                                              any.'
                                            type: object
                                          readOnly:
                                            description: 'readOnly is Optional: defaults
                                              to false (read/write). ReadOnly here
                                              will force the ReadOnly setting in VolumeMounts.'
                                            type: boolean
                                          secretRef:
                                            description: 'secretRef is Optional: secretRef
                                              is reference to the secret object containing
                                              sensitive information to pass to the
                                              plugin scripts. This may be empty if
                                              no secret object is specified. If the
                                              secret object contains more than one
                                              secret, all secrets are passed to the
                                              plugin scripts.'
                                            properties:
                                              name:
                                                description: 'Name of the referent.
                                                  More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                                  TODO: Add other useful fields. apiVersion,
                                                  kind, uid?'
                                                type: string
                                            type: object
                                        required:
                                        - driver
                                        type: object
                                      flocker:
                                        description: flocker represents a Flocker
                                          volume attached to a kubelet's host machine.
                                          This depends on the Flocker control service
                                          being running
                                        properties:
                                          datasetName:
                                            description: datasetName is Name of the
                                              dataset stored as metadata -> name on
                                              the dataset for Flocker should be considered
                                              as deprecated
                                            type: string
                                          datasetUUID:
                                            description: datasetUUID is the UUID of
                                              the dataset. This is unique identifier
                                              of a Flocker dataset
                                            type: string
                                        type: object
                                      gcePersistentDisk:
                                        description: 'gcePersistentDisk represents
                                          a GCE Disk resource that is attached to
                                          a kubelet''s host machine and then exposed
                                          to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
                                        properties:
                                          fsType:
                                            description: 'fsType is filesystem type
                                              of the volume that you want to mount.
                                              Tip: Ensure that the filesystem type
                                              is supported by the host operating system.
                                              Examples: "ext4", "xfs", "ntfs". Implicitly
                                              inferred to be "ext4" if unspecified.
                                              More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
                                              TODO: how do we prevent errors in the
                                              filesystem from compromising the machine'
                                            type: string
                                          partition:
                                            description: 'partition is the partition
                                              in the volume that you want to mount.
                                              If omitted, the default is to mount
                                              by volume name. Examples: For volume
                                              /dev/sda1, you specify the partition
                                              as "1". Similarly, the volume partition
                                              for /dev/sda is "0" (or you can leave
                                              the property empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
                                            format: int32
                                            type: integer
                                          pdName:
                                            description: 'pdName is unique name of
                                              the PD resource in GCE. Used to identify
                                              the disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
                                            type: string
                                          readOnly:
                                            description: 'readOnly here will force
                                              the ReadOnly setting in VolumeMounts.
                                              Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
                                            type: boolean
                                        required:
                                        - pdName
                                        type: object
                                      gitRepo:
                                        description: 'gitRepo represents a git repository
                                          at a particular revision. DEPRECATED: GitRepo
                                          is deprecated. To provision a container
                                          with a git repo, mount an EmptyDir into
                                          an InitContainer that clones the repo using
                                          git, then mount the EmptyDir into the Pod''s
                                          container.'
                                        properties:
                                          directory:
                                            description: directory is the target directory
                                              name. Must not contain or start with
                                              '..'.  If '.' is supplied, the volume
                                              directory will be the git repository.  Otherwise,
                                              if specified, the volume will contain
                                              the git repository in the subdirectory
                                              with the given name.
                                            type: string
                                          repository:
                                            description: repository is the URL
                                            type: string
                                          revision:
                                            description: revision is the commit hash
                                              for the specified revision.
                                            type: string
                                        required:
                                        - repository
                                        type: object
                                      glusterfs:
                                        description: 'glusterfs represents a Glusterfs
                                          mount on the host that shares a pod''s lifetime.
                                          More info: https://examples.k8s.io/volumes/glusterfs/README.md'
                                        properties:
                                          endpoints:
                                            description: 'endpoints is the endpoint
                                              name that details Glusterfs topology.
                                              More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod'
                                            type: string
                                          path:
                                            description: 'path is the Glusterfs volume
                                              path. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod'
                                            type: string
                                          readOnly:
                                            description: 'readOnly here will force
                                              the Glusterfs volume to be mounted with
                                              read-only permissions. Defaults to false.
                                              More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod'
                                            type: boolean
                                        required:
                                        - endpoints
                                        - path
                                        type: object
                                      hostPath:
                                        description: 'hostPath represents a pre-existing
                                          file or directory on the host machine that
                                          is directly exposed to the container. This
                                          is generally used for system agents or other
                                          privileged things that are allowed to see
                                          the host machine. Most containers will NOT
                                          need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath
                                          --- TODO(jonesdl) We need to restrict who
                                          can use host directory mounts and who can/can
                                          not mount host directories as read/write.'
                                        properties:
                                          path:
                                            description: 'path of the directory on
                                              the host. If the path is a symlink,
                                              it will follow the link to the real
                                              path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath'
                                            type: string
                                          type:
                                            description: 'type for HostPath Volume
                                              Defaults to "" More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath'
                                            type: string
                                        required:
                                        - path
                                        type: object
                                      iscsi:
                                        description: 'iscsi represents an ISCSI Disk
                                          resource that is attached to a kubelet''s
                                          host machine and then exposed to the pod.
                                          More info: https://examples.k8s.io/volumes/iscsi/README.md'
                                        properties:
                                          chapAuthDiscovery:
                                            description: chapAuthDiscovery defines
                                              whether support iSCSI Discovery CHAP
                                              authentication
                                            type: boolean
                                          chapAuthSession:
                                            description: chapAuthSession defines whether
                                              support iSCSI Session CHAP authentication
                                            type: boolean
                                          fsType:
                                            description: 'fsType is the filesystem
                                              type of the volume that you want to
                                              mount. Tip: Ensure that the filesystem
                                              type is supported by the host operating
                                              system. Examples: "ext4", "xfs", "ntfs".
                                              Implicitly inferred to be "ext4" if
                                              unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi
                                              TODO: how do we prevent errors in the
                                              filesystem from compromising the machine'
                                            type: string
                                          initiatorName:
                                            description: initiatorName is the custom
                                              iSCSI Initiator Name. If initiatorName
                                              is specified with iscsiInterface simultaneously,
                                              new iSCSI interface <target portal>:<volume
                                              name> will be created for the connection.
                                            type: string
                                          iqn:
                                            description: iqn is the target iSCSI Qualified
                                              Name.
                                            type: string
                                          iscsiInterface:
                                            description: iscsiInterface is the interface
                                              Name that uses an iSCSI transport. Defaults
                                              to 'default' (tcp).
                                            type: string
                                          lun:
                                            description: lun represents iSCSI Target
                                              Lun number.
                                            format: int32
                                            type: integer
                                          portals:
                                            description: portals is the iSCSI Target
                                              Portal List. The portal is either an
                                              IP or ip_addr:port if the port is other
                                              than default (typically TCP ports 860
                                              and 3260).
                                            items:
                                              type: string
                                            type: array
                                          readOnly:
                                            description: readOnly here will force
                                              the ReadOnly setting in VolumeMounts.
                                              Defaults to false.
                                            type: boolean
                                          secretRef:
                                            description: secretRef is the CHAP Secret
                                              for iSCSI target and initiator authentication
                                            properties:
                                              name:
                                                description: 'Name of the referent.
                                                  More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                                  TODO: Add other useful fields. apiVersion,
                                                  kind, uid?'
                                                type: string
                                            type: object
                                          targetPortal:
                                            description: targetPortal is iSCSI Target
                                              Portal. The Portal is either an IP or
                                              ip_addr:port if the port is other than
                                              default (typically TCP ports 860 and
                                              3260).
                                            type: string
                                        required:
                                        - iqn
                                        - lun
                                        - targetPortal
                                        type: object
                                      name:
                                        description: 'name of the volume. Must be
                                          a DNS_LABEL and unique within the pod. More
                                          info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
                                        type: string
                                      nfs:
                                        description: 'nfs represents an NFS mount
                                          on the host that shares a pod''s lifetime
                                          More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs'
                                        properties:
                                          path:
                                            description: 'path that is exported by
                                              the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs'
                                            type: string
                                          readOnly:
                                            description: 'readOnly here will force
                                              the NFS export to be mounted with read-only
                                              permissions. Defaults to false. More
                                              info: https://kubernetes.io/docs/concepts/storage/volumes#nfs'
                                            type: boolean
                                          server:
                                            description: 'server is the hostname or
                                              IP address of the NFS server. More info:
                                              https://kubernetes.io/docs/concepts/storage/volumes#nfs'
                                            type: string
                                        required:
                                        - path
                                        - server
                                        type: object
                                      persistentVolumeClaim:
                                        description: 'persistentVolumeClaimVolumeSource
                                          represents a reference to a PersistentVolumeClaim
                                          in the same namespace. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims'
                                        properties:
                                          claimName:
                                            description: 'claimName is the name of
                                              a PersistentVolumeClaim in the same
                                              namespace as the pod using this volume.
                                              More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims'
                                            type: string
                                          readOnly:
                                            description: readOnly Will force the ReadOnly
                                              setting in VolumeMounts. Default false.
                                            type: boolean
                                        required:
                                        - claimName
                                        type: object
                                      photonPersistentDisk:
                                        description: photonPersistentDisk represents
                                          a PhotonController persistent disk attached
                                          and mounted on kubelets host machine
                                        properties:
                                          fsType:
                                            description: fsType is the filesystem
                                              type to mount. Must be a filesystem
                                              type supported by the host operating
                                              system. Ex. "ext4", "xfs", "ntfs". Implicitly
                                              inferred to be "ext4" if unspecified.
                                            type: string
                                          pdID:
                                            description: pdID is the ID that identifies
                                              Photon Controller persistent disk
                                            type: string
                                        required:
                                        - pdID
                                        type: object
                                      portworxVolume:
                                        description: portworxVolume represents a portworx
                                          volume attached and mounted on kubelets
                                          host machine
                                        properties:
                                          fsType:
                                            description: fSType represents the filesystem
                                              type to mount Must be a filesystem type
                                              supported by the host operating system.
                                              Ex. "ext4", "xfs". Implicitly inferred
                                              to be "ext4" if unspecified.
                                            type: string
                                          readOnly:
                                            description: readOnly defaults to false
                                              (read/write). ReadOnly here will force
                                              the ReadOnly setting in VolumeMounts.
                                            type: boolean
                                          volumeID:
                                            description: volumeID uniquely identifies
                                              a Portworx volume
                                            type: string
                                        required:
                                        - volumeID
                                        type: object
                                      projected:
                                        description: projected items for all in one
                                          resources secrets, configmaps, and downward
                                          API
                                        properties:
                                          defaultMode:
                                            description: defaultMode are the mode
                                              bits used to set permissions on created
                                              files by default. Must be an octal value
                                              between 0000 and 0777 or a decimal value
                                              between 0 and 511. YAML accepts both
                                              octal and decimal values, JSON requires
                                              decimal values for mode bits. Directories
                                              within the path are not affected by
                                              this setting. This might be in conflict
                                              with other options that affect the file
                                              mode, like fsGroup, and the result can
                                              be other mode bits set.
                                            format: int32
                                            type: integer
                                          sources:
                                            description: sources is the list of volume
                                              projections
                                            items:
                                              description: Projection that may be
                                                projected along with other supported
                                                volume types
                                              properties:
                                                configMap:
                                                  description: configMap information
                                                    about the configMap data to project
                                                  properties:
                                                    items:
                                                      description: items if unspecified,
                                                        each key-value pair in the
                                                        Data field of the referenced
                                                        ConfigMap will be projected
                                                        into the volume as a file
                                                        whose name is the key and
                                                        content is the value. If specified,
                                                        the listed keys will be projected
                                                        into the specified paths,
                                                        and unlisted keys will not
                                                        be present. If a key is specified
                                                        which is not present in the
                                                        ConfigMap, the volume setup
                                                        will error unless it is marked
                                                        optional. Paths must be relative
                                                        and may not contain the '..'
                                                        path or start with '..'.
                                                      items:
                                                        description: Maps a string
                                                          key to a path within a volume.
                                                        properties:
                                                          key:
                                                            description: key is the
                                                              key to project.
                                                            type: string
                                                          mode:
                                                            description: 'mode is
                                                              Optional: mode bits
                                                              used to set permissions
                                                              on this file. Must be
                                                              an octal value between
                                                              0000 and 0777 or a decimal
                                                              value between 0 and
                                                              511. YAML accepts both
                                                              octal and decimal values,
                                                              JSON requires decimal
                                                              values for mode bits.
                                                              If not specified, the
                                                              volume defaultMode will
                                                              be used. This might
                                                              be in conflict with
                                                              other options that affect
                                                              the file mode, like
                                                              fsGroup, and the result
                                                              can be other mode bits
                                                              set.'
                                                            format: int32
                                                            type: integer
                                                          path:
                                                            description: path is the
                                                              relative path of the
                                                              file to map the key
                                                              to. May not be an absolute
                                                              path. May not contain
                                                              the path element '..'.
                                                              May not start with the
                                                              string '..'.
                                                            type: string
                                                        required:
                                                        - key
                                                        - path
                                                        type: object
                                                      type: array
                                                    name:
                                                      description: 'Name of the referent.
                                                        More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                                        TODO: Add other useful fields.
                                                        apiVersion, kind, uid?'
                                                      type: string
                                                    optional:
                                                      description: optional specify
                                                        whether the ConfigMap or its
                                                        keys must be defined
                                                      type: boolean
                                                  type: object
                                                downwardAPI:
                                                  description: downwardAPI information
                                                    about the downwardAPI data to
                                                    project
                                                  properties:
                                                    items:
                                                      description: Items is a list
                                                        of DownwardAPIVolume file
                                                      items:
                                                        description: DownwardAPIVolumeFile
                                                          represents information to
                                                          create the file containing
                                                          the pod field
                                                        properties:
                                                          fieldRef:
                                                            description: 'Required:
                                                              Selects a field of the
                                                              pod: only annotations,
                                                              labels, name and namespace
                                                              are supported.'
                                                            properties:
                                                              apiVersion:
                                                                description: Version
                                                                  of the schema the
                                                                  FieldPath is written
                                                                  in terms of, defaults
                                                                  to "v1".
                                                                type: string
                                                              fieldPath:
                                                                description: Path
                                                                  of the field to
                                                                  select in the specified
                                                                  API version.
                                                                type: string
                                                            required:
                                                            - fieldPath
                                                            type: object
                                                          mode:
                                                            description: 'Optional:
                                                              mode bits used to set
                                                              permissions on this
                                                              file, must be an octal
                                                              value between 0000 and
                                                              0777 or a decimal value
                                                              between 0 and 511. YAML
                                                              accepts both octal and
                                                              decimal values, JSON
                                                              requires decimal values
                                                              for mode bits. If not
                                                              specified, the volume
                                                              defaultMode will be
                                                              used. This might be
                                                              in conflict with other
                                                              options that affect
                                                              the file mode, like
                                                              fsGroup, and the result
                                                              can be other mode bits
                                                              set.'
                                                            format: int32
                                                            type: integer
                                                          path:
                                                            description: 'Required:
                                                              Path is  the relative
                                                              path name of the file
                                                              to be created. Must
                                                              not be absolute or contain
                                                              the ''..'' path. Must
                                                              be utf-8 encoded. The
                                                              first item of the relative
                                                              path must not start
                                                              with ''..'''
                                                            type: string
                                                          resourceFieldRef:
                                                            description: 'Selects
                                                              a resource of the container:
                                                              only resources limits
                                                              and requests (limits.cpu,
                                                              limits.memory, requests.cpu
                                                              and requests.memory)
                                                              are currently supported.'
                                                            properties:
                                                              containerName:
                                                                description: 'Container
                                                                  name: required for
                                                                  volumes, optional
                                                                  for env vars'
                                                                type: string
                                                              divisor:
                                                                anyOf:
                                                                - type: integer
                                                                - type: string
                                                                description: Specifies
                                                                  the output format
                                                                  of the exposed resources,
                                                                  defaults to "1"
                                                                pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                                                                x-kubernetes-int-or-string: true
                                                              resource:
                                                                description: 'Required:
                                                                  resource to select'
                                                                type: string
                                                            required:
                                                            - resource
                                                            type: object
                                                        required:
                                                        - path
                                                        type: object
                                                      type: array
                                                  type: object
                                                secret:
                                                  description: secret information
                                                    about the secret data to project
                                                  properties:
                                                    items:
                                                      description: items if unspecified,
                                                        each key-value pair in the
                                                        Data field of the referenced
                                                        Secret will be projected into
                                                        the volume as a file whose
                                                        name is the key and content
                                                        is the value. If specified,
                                                        the listed keys will be projected
                                                        into the specified paths,
                                                        and unlisted keys will not
                                                        be present. If a key is specified
                                                        which is not present in the
                                                        Secret, the volume setup will
                                                        error unless it is marked
                                                        optional. Paths must be relative
                                                        and may not contain the '..'
                                                        path or start with '..'.
                                                      items:
                                                        description: Maps a string
                                                          key to a path within a volume.
                                                        properties:
                                                          key:
                                                            description: key is the
                                                              key to project.
                                                            type: string
                                                          mode:
                                                            description: 'mode is
                                                              Optional: mode bits
                                                              used to set permissions
                                                              on this file. Must be
                                                              an octal value between
                                                              0000 and 0777 or a decimal
                                                              value between 0 and
                                                              511. YAML accepts both
                                                              octal and decimal values,
                                                              JSON requires decimal
                                                              values for mode bits.
                                                              If not specified, the
                                                              volume defaultMode will
                                                              be used. This might
                                                              be in conflict with
                                                              other options that affect
                                                              the file mode, like
                                                              fsGroup, and the result
                                                              can be other mode bits
                                                              set.'
                                                            format: int32
                                                            type: integer
                                                          path:
                                                            description: path is the
                                                              relative path of the
                                                              file to map the key
                                                              to. May not be an absolute
                                                              path. May not contain
                                                              the path element '..'.
                                                              May not start with the
                                                              string '..'.
                                                            type: string
                                                        required:
                                                        - key
                                                        - path
                                                        type: object
                                                      type: array
                                                    name:
                                                      description: 'Name of the referent.
                                                        More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                                        TODO: Add other useful fields.
                                                        apiVersion, kind, uid?'
                                                      type: string
                                                    optional:
                                                      description: optional field
                                                        specify whether the Secret
                                                        or its key must be defined
                                                      type: boolean
                                                  type: object
                                                serviceAccountToken:
                                                  description: serviceAccountToken
                                                    is information about the serviceAccountToken
                                                    data to project
                                                  properties:
                                                    audience:
                                                      description: audience is the
                                                        intended audience of the token.
                                                        A recipient of a token must
                                                        identify itself with an identifier
                                                        specified in the audience
                                                        of the token, and otherwise
                                                        should reject the token. The
                                                        audience defaults to the identifier
                                                        of the apiserver.
                                                      type: string
                                                    expirationSeconds:
                                                      description: expirationSeconds
                                                        is the requested duration
                                                        of validity of the service
                                                        account token. As the token
                                                        approaches expiration, the
                                                        kubelet volume plugin will
                                                        proactively rotate the service
                                                        account token. The kubelet
                                                        will start trying to rotate
                                                        the token if the token is
                                                        older than 80 percent of its
                                                        time to live or if the token
                                                        is older than 24 hours.Defaults
                                                        to 1 hour and must be at least
                                                        10 minutes.
                                                      format: int64
                                                      type: integer
                                                    path:
                                                      description: path is the path
                                                        relative to the mount point
                                                        of the file to project the
                                                        token into.
                                                      type: string
                                                  required:
                                                  - path
                                                  type: object
                                              type: object
                                            type: array
                                        type: object
                                      quobyte:
                                        description: quobyte represents a Quobyte
                                          mount on the host that shares a pod's lifetime
                                        properties:
                                          group:
                                            description: group to map volume access
                                              to Default is no group
                                            type: string
                                          readOnly:
                                            description: readOnly here will force
                                              the Quobyte volume to be mounted with
                                              read-only permissions. Defaults to false.
                                            type: boolean
                                          registry:
                                            description: registry represents a single
                                              or multiple Quobyte Registry services
                                              specified as a string as host:port pair
                                              (multiple entries are separated with
                                              commas) which acts as the central registry
                                              for volumes
                                            type: string
                                          tenant:
                                            description: tenant owning the given Quobyte
                                              volume in the Backend Used with dynamically
                                              provisioned Quobyte volumes, value is
                                              set by the plugin
                                            type: string
                                          user:
                                            description: user to map volume access
                                              to Defaults to serivceaccount user
                                            type: string
                                          volume:
                                            description: volume is a string that references
                                              an already created Quobyte volume by
                                              name.
                                            type: string
                                        required:
                                        - registry
                                        - volume
                                        type: object
                                      rbd:
                                        description: 'rbd represents a Rados Block
                                          Device mount on the host that shares a pod''s
                                          lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md'
                                        properties:
                                          fsType:
                                            description: 'fsType is the filesystem
                                              type of the volume that you want to
                                              mount. Tip: Ensure that the filesystem
                                              type is supported by the host operating
                                              system. Examples: "ext4", "xfs", "ntfs".
                                              Implicitly inferred to be "ext4" if
                                              unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd
                                              TODO: how do we prevent errors in the
                                              filesystem from compromising the machine'
                                            type: string
                                          image:
                                            description: 'image is the rados image
                                              name. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
                                            type: string
                                          keyring:
                                            description: 'keyring is the path to key
                                              ring for RBDUser. Default is /etc/ceph/keyring.
                                              More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
                                            type: string
                                          monitors:
                                            description: 'monitors is a collection
                                              of Ceph monitors. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
                                            items:
                                              type: string
                                            type: array
                                          pool:
                                            description: 'pool is the rados pool name.
                                              Default is rbd. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
                                            type: string
                                          readOnly:
                                            description: 'readOnly here will force
                                              the ReadOnly setting in VolumeMounts.
                                              Defaults to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
                                            type: boolean
                                          secretRef:
                                            description: 'secretRef is name of the
                                              authentication secret for RBDUser. If
                                              provided overrides keyring. Default
                                              is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
                                            properties:
                                              name:
                                                description: 'Name of the referent.
                                                  More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                                  TODO: Add other useful fields. apiVersion,
                                                  kind, uid?'
                                                type: string
                                            type: object
                                          user:
                                            description: 'user is the rados user name.
                                              Default is admin. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
                                            type: string
                                        required:
                                        - image
                                        - monitors
                                        type: object
                                      scaleIO:
                                        description: scaleIO represents a ScaleIO
                                          persistent volume attached and mounted on
                                          Kubernetes nodes.
                                        properties:
                                          fsType:
                                            description: fsType is the filesystem
                                              type to mount. Must be a filesystem
                                              type supported by the host operating
                                              system. Ex. "ext4", "xfs", "ntfs". Default
                                              is "xfs".
                                            type: string
                                          gateway:
                                            description: gateway is the host address
                                              of the ScaleIO API Gateway.
                                            type: string
                                          protectionDomain:
                                            description: protectionDomain is the name
                                              of the ScaleIO Protection Domain for
                                              the configured storage.
                                            type: string
                                          readOnly:
                                            description: readOnly Defaults to false
                                              (read/write). ReadOnly here will force
                                              the ReadOnly setting in VolumeMounts.
                                            type: boolean
                                          secretRef:
                                            description: secretRef references to the
                                              secret for ScaleIO user and other sensitive
                                              information. If this is not provided,
                                              Login operation will fail.
                                            properties:
                                              name:
                                                description: 'Name of the referent.
                                                  More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                                  TODO: Add other useful fields. apiVersion,
                                                  kind, uid?'
                                                type: string
                                            type: object
                                          sslEnabled:
                                            description: sslEnabled Flag enable/disable
                                              SSL communication with Gateway, default
                                              false
                                            type: boolean
                                          storageMode:
                                            description: storageMode indicates whether
                                              the storage for a volume should be ThickProvisioned
                                              or ThinProvisioned. Default is ThinProvisioned.
                                            type: string
                                          storagePool:
                                            description: storagePool is the ScaleIO
                                              Storage Pool associated with the protection
                                              domain.
                                            type: string
                                          system:
                                            description: system is the name of the
                                              storage system as configured in ScaleIO.
                                            type: string
                                          volumeName:
                                            description: volumeName is the name of
                                              a volume already created in the ScaleIO
                                              system that is associated with this
                                              volume source.
                                            type: string
                                        required:
                                        - gateway
                                        - secretRef
                                        - system
                                        type: object
                                      secret:
                                        description: 'secret represents a secret that
                                          should populate this volume. More info:
                                          https://kubernetes.io/docs/concepts/storage/volumes#secret'
                                        properties:
                                          defaultMode:
                                            description: 'defaultMode is Optional:
                                              mode bits used to set permissions on
                                              created files by default. Must be an
                                              octal value between 0000 and 0777 or
                                              a decimal value between 0 and 511. YAML
                                              accepts both octal and decimal values,
                                              JSON requires decimal values for mode
                                              bits. Defaults to 0644. Directories
                                              within the path are not affected by
                                              this setting. This might be in conflict
                                              with other options that affect the file
                                              mode, like fsGroup, and the result can
                                              be other mode bits set.'
                                            format: int32
                                            type: integer
                                          items:
                                            description: items If unspecified, each
                                              key-value pair in the Data field of
                                              the referenced Secret will be projected
                                              into the volume as a file whose name
                                              is the key and content is the value.
                                              If specified, the listed keys will be
                                              projected into the specified paths,
                                              and unlisted keys will not be present.
                                              If a key is specified which is not present
                                              in the Secret, the volume setup will
                                              error unless it is marked optional.
                                              Paths must be relative and may not contain
                                              the '..' path or start with '..'.
                                            items:
                                              description: Maps a string key to a
                                                path within a volume.
                                              properties:
                                                key:
                                                  description: key is the key to project.
                                                  type: string
                                                mode:
                                                  description: 'mode is Optional:
                                                    mode bits used to set permissions
                                                    on this file. Must be an octal
                                                    value between 0000 and 0777 or
                                                    a decimal value between 0 and
                                                    511. YAML accepts both octal and
                                                    decimal values, JSON requires
                                                    decimal values for mode bits.
                                                    If not specified, the volume defaultMode
                                                    will be used. This might be in
                                                    conflict with other options that
                                                    affect the file mode, like fsGroup,
                                                    and the result can be other mode
                                                    bits set.'
                                                  format: int32
                                                  type: integer
                                                path:
                                                  description: path is the relative
                                                    path of the file to map the key
                                                    to. May not be an absolute path.
                                                    May not contain the path element
                                                    '..'. May not start with the string
                                                    '..'.
                                                  type: string
                                              required:
                                              - key
                                              - path
                                              type: object
                                            type: array
                                          optional:
                                            description: optional field specify whether
                                              the Secret or its keys must be defined
                                            type: boolean
                                          secretName:
                                            description: 'secretName is the name of
                                              the secret in the pod''s namespace to
                                              use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret'
                                            type: string
                                        type: object
                                      storageos:
                                        description: storageOS represents a StorageOS
                                          volume attached and mounted on Kubernetes
                                          nodes.
                                        properties:
                                          fsType:
                                            description: fsType is the filesystem
                                              type to mount. Must be a filesystem
                                              type supported by the host operating
                                              system. Ex. "ext4", "xfs", "ntfs". Implicitly
                                              inferred to be "ext4" if unspecified.
                                            type: string
                                          readOnly:
                                            description: readOnly defaults to false
                                              (read/write). ReadOnly here will force
                                              the ReadOnly setting in VolumeMounts.
                                            type: boolean
                                          secretRef:
                                            description: secretRef specifies the secret
                                              to use for obtaining the StorageOS API
                                              credentials.  If not specified, default
                                              values will be attempted.
                                            properties:
                                              name:
                                                description: 'Name of the referent.
                                                  More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                                  TODO: Add other useful fields. apiVersion,
                                                  kind, uid?'
                                                type: string
                                            type: object
                                          volumeName:
                                            description: volumeName is the human-readable
                                              name of the StorageOS volume.  Volume
                                              names are only unique within a namespace.
                                            type: string
                                          volumeNamespace:
                                            description: volumeNamespace specifies
                                              the scope of the volume within StorageOS.  If
                                              no namespace is specified then the Pod's
                                              namespace will be used.  This allows
                                              the Kubernetes name scoping to be mirrored
                                              within StorageOS for tighter integration.
                                              Set VolumeName to any name to override
                                              the default behaviour. Set to "default"
                                              if you are not using namespaces within
                                              StorageOS. Namespaces that do not pre-exist
                                              within StorageOS will be created.
                                            type: string
                                        type: object
                                      vsphereVolume:
                                        description: vsphereVolume represents a vSphere
                                          volume attached and mounted on kubelets
                                          host machine
                                        properties:
                                          fsType:
                                            description: fsType is filesystem type
                                              to mount. Must be a filesystem type
                                              supported by the host operating system.
                                              Ex. "ext4", "xfs", "ntfs". Implicitly
                                              inferred to be "ext4" if unspecified.
                                            type: string
                                          storagePolicyID:
                                            description: storagePolicyID is the storage
                                              Policy Based Management (SPBM) profile
                                              ID associated with the StoragePolicyName.
                                            type: string
                                          storagePolicyName:
                                            description: storagePolicyName is the
                                              storage Policy Based Management (SPBM)
                                              profile name.
                                            type: string
                                          volumePath:
                                            description: volumePath is the path that
                                              identifies vSphere volume vmdk
                                            type: string
                                        required:
                                        - volumePath
                                        type: object
                                    required:
                                    - name
                                    type: object
                                  type: array
                                  x-kubernetes-list-type: atomic
                                workspaces:
                                  description: Workspaces are the volumes that this
                                    Task requires.
                                  items:
                                    description: WorkspaceDeclaration is a declaration
                                      of a volume that a Task requires.
                                    properties:
                                      description:
                                        description: Description is an optional human
                                          readable description of this volume.
                                        type: string
                                      mountPath:
                                        description: MountPath overrides the directory
                                          that the volume will be made available at.
                                        type: string
                                      name:
                                        description: Name is the name by which you
                                          can bind the volume at runtime.
                                        type: string
                                      optional:
                                        description: Optional marks a Workspace as
                                          not being required in TaskRuns. By default
                                          this field is false and so declared workspaces
                                          are required.
                                        type: boolean
                                      readOnly:
                                        description: ReadOnly dictates whether a mounted
                                          volume is writable. By default this field
                                          is false and so mounted volumes are writable.
                                        type: boolean
                                    required:
                                    - name
                                    type: object
                                  type: array
                                  x-kubernetes-list-type: atomic
                              type: object
                            timeout:
                              description: 'Time after which the TaskRun times out.
                                Defaults to 1 hour. Specified TaskRun timeout should
                                be less than 24h. Refer Go''s ParseDuration documentation
                                for expected format: https://golang.org/pkg/time/#ParseDuration'
                              type: string
                            workspaces:
                              description: Workspaces maps workspaces from the pipeline
                                spec to the workspaces declared in the Task.
                              items:
                                description: WorkspacePipelineTaskBinding describes
                                  how a workspace passed into the pipeline should
                                  be mapped to a task's declared workspace.
                                properties:
                                  name:
                                    description: Name is the name of the workspace
                                      as declared by the task
                                    type: string
                                  subPath:
                                    description: SubPath is optionally a directory
                                      on the volume which should be used for this
                                      binding (i.e. the volume will be mounted at
                                      this sub directory).
                                    type: string
                                  workspace:
                                    description: Workspace is the name of the workspace
                                      declared by the pipeline
                                    type: string
                                required:
                                - name
                                type: object
                              type: array
                          type: object
                        type: array
                      workspaces:
                        description: Workspaces declares a set of named workspaces
                          that are expected to be provided by a PipelineRun.
                        items:
                          description: PipelineWorkspaceDeclaration creates a named
                            slot in a Pipeline that a PipelineRun is expected to populate
                            with a workspace binding.
                          properties:
                            description:
                              description: Description is a human readable string
                                describing how the workspace will be used in the Pipeline.
                                It can be useful to include a bit of detail about
                                which tasks are intended to have access to the data
                                on the workspace.
                              type: string
                            name:
                              description: Name is the name of a workspace to be provided
                                by a PipelineRun.
                              type: string
                            optional:
                              description: Optional marks a Workspace as not being
                                required in PipelineRuns. By default this field is
                                false and so declared workspaces are required.
                              type: boolean
                          required:
                          - name
                          type: object
                        type: array
                    type: object
                  podTemplate:
                    description: PodTemplate holds pod specific configuration
                    properties:
                      affinity:
                        description: If specified, the pod's scheduling constraints
                        properties:
                          nodeAffinity:
                            description: Describes node affinity scheduling rules
                              for the pod.
                            properties:
                              preferredDuringSchedulingIgnoredDuringExecution:
                                description: The scheduler will prefer to schedule
                                  pods to nodes that satisfy the affinity expressions
                                  specified by this field, but it may choose a node
                                  that violates one or more of the expressions. The
                                  node that is most preferred is the one with the
                                  greatest sum of weights, i.e. for each node that
                                  meets all of the scheduling requirements (resource
                                  request, requiredDuringScheduling affinity expressions,
                                  etc.), compute a sum by iterating through the elements
                                  of this field and adding "weight" to the sum if
                                  the node matches the corresponding matchExpressions;
                                  the node(s) with the highest sum are the most preferred.
                                items:
                                  description: An empty preferred scheduling term
                                    matches all objects with implicit weight 0 (i.e.
                                    it's a no-op). A null preferred scheduling term
                                    matches no objects (i.e. is also a no-op).
                                  properties:
                                    preference:
                                      description: A node selector term, associated
                                        with the corresponding weight.
                                      properties:
                                        matchExpressions:
                                          description: A list of node selector requirements
                                            by node's labels.
                                          items:
                                            description: A node selector requirement
                                              is a selector that contains values,
                                              a key, and an operator that relates
                                              the key and values.
                                            properties:
                                              key:
                                                description: The label key that the
                                                  selector applies to.
                                                type: string
                                              operator:
                                                description: Represents a key's relationship
                                                  to a set of values. Valid operators
                                                  are In, NotIn, Exists, DoesNotExist.
                                                  Gt, and Lt.
                                                type: string
                                              values:
                                                description: An array of string values.
                                                  If the operator is In or NotIn,
                                                  the values array must be non-empty.
                                                  If the operator is Exists or DoesNotExist,
                                                  the values array must be empty.
                                                  If the operator is Gt or Lt, the
                                                  values array must have a single
                                                  element, which will be interpreted
                                                  as an integer. This array is replaced
                                                  during a strategic merge patch.
                                                items:
                                                  type: string
                                                type: array
                                            required:
                                            - key
                                            - operator
                                            type: object
                                          type: array
                                        matchFields:
                                          description: A list of node selector requirements
                                            by node's fields.
                                          items:
                                            description: A node selector requirement
                                              is a selector that contains values,
                                              a key, and an operator that relates
                                              the key and values.
                                            properties:
                                              key:
                                                description: The label key that the
                                                  selector applies to.
                                                type: string
                                              operator:
                                                description: Represents a key's relationship
                                                  to a set of values. Valid operators
                                                  are In, NotIn, Exists, DoesNotExist.
                                                  Gt, and Lt.
                                                type: string
                                              values:
                                                description: An array of string values.
                                                  If the operator is In or NotIn,
                                                  the values array must be non-empty.
                                                  If the operator is Exists or DoesNotExist,
                                                  the values array must be empty.
                                                  If the operator is Gt or Lt, the
                                                  values array must have a single
                                                  element, which will be interpreted
                                                  as an integer. This array is replaced
                                                  during a strategic merge patch.
                                                items:
                                                  type: string
                                                type: array
                                            required:
                                            - key
                                            - operator
                                            type: object
                                          type: array
                                      type: object
                                    weight:
                                      description: Weight associated with matching
                                        the corresponding nodeSelectorTerm, in the
                                        range 1-100.
                                      format: int32
                                      type: integer
                                  required:
                                  - preference
                                  - weight
                                  type: object
                                type: array
                              requiredDuringSchedulingIgnoredDuringExecution:
                                description: If the affinity requirements specified
                                  by this field are not met at scheduling time, the
                                  pod will not be scheduled onto the node. If the
                                  affinity requirements specified by this field cease
                                  to be met at some point during pod execution (e.g.
                                  due to an update), the system may or may not try
                                  to eventually evict the pod from its node.
                                properties:
                                  nodeSelectorTerms:
                                    description: Required. A list of node selector
                                      terms. The terms are ORed.
                                    items:
                                      description: A null or empty node selector term
                                        matches no objects. The requirements of them
                                        are ANDed. The TopologySelectorTerm type implements
                                        a subset of the NodeSelectorTerm.
                                      properties:
                                        matchExpressions:
                                          description: A list of node selector requirements
                                            by node's labels.
                                          items:
                                            description: A node selector requirement
                                              is a selector that contains values,
                                              a key, and an operator that relates
                                              the key and values.
                                            properties:
                                              key:
                                                description: The label key that the
                                                  selector applies to.
                                                type: string
                                              operator:
                                                description: Represents a key's relationship
                                                  to a set of values. Valid operators
                                                  are In, NotIn, Exists, DoesNotExist.
                                                  Gt, and Lt.
                                                type: string
                                              values:
                                                description: An array of string values.
                                                  If the operator is In or NotIn,
                                                  the values array must be non-empty.
                                                  If the operator is Exists or DoesNotExist,
                                                  the values array must be empty.
                                                  If the operator is Gt or Lt, the
                                                  values array must have a single
                                                  element, which will be interpreted
                                                  as an integer. This array is replaced
                                                  during a strategic merge patch.
                                                items:
                                                  type: string
                                                type: array
                                            required:
                                            - key
                                            - operator
                                            type: object
                                          type: array
                                        matchFields:
                                          description: A list of node selector requirements
                                            by node's fields.
                                          items:
                                            description: A node selector requirement
                                              is a selector that contains values,
                                              a key, and an operator that relates
                                              the key and values.
                                            properties:
                                              key:
                                                description: The label key that the
                                                  selector applies to.
                                                type: string
                                              operator:
                                                description: Represents a key's relationship
                                                  to a set of values. Valid operators
                                                  are In, NotIn, Exists, DoesNotExist.
                                                  Gt, and Lt.
                                                type: string
                                              values:
                                                description: An array of string values.
                                                  If the operator is In or NotIn,
                                                  the values array must be non-empty.
                                                  If the operator is Exists or DoesNotExist,
                                                  the values array must be empty.
                                                  If the operator is Gt or Lt, the
                                                  values array must have a single
                                                  element, which will be interpreted
                                                  as an integer. This array is replaced
                                                  during a strategic merge patch.
                                                items:
                                                  type: string
                                                type: array
                                            required:
                                            - key
                                            - operator
                                            type: object
                                          type: array
                                      type: object
                                    type: array
                                required:
                                - nodeSelectorTerms
                                type: object
                            type: object
                          podAffinity:
                            description: Describes pod affinity scheduling rules (e.g.
                              co-locate this pod in the same node, zone, etc. as some
                              other pod(s)).
                            properties:
                              preferredDuringSchedulingIgnoredDuringExecution:
                                description: The scheduler will prefer to schedule
                                  pods to nodes that satisfy the affinity expressions
                                  specified by this field, but it may choose a node
                                  that violates one or more of the expressions. The
                                  node that is most preferred is the one with the
                                  greatest sum of weights, i.e. for each node that
                                  meets all of the scheduling requirements (resource
                                  request, requiredDuringScheduling affinity expressions,
                                  etc.), compute a sum by iterating through the elements
                                  of this field and adding "weight" to the sum if
                                  the node has pods which matches the corresponding
                                  podAffinityTerm; the node(s) with the highest sum
                                  are the most preferred.
                                items:
                                  description: The weights of all of the matched WeightedPodAffinityTerm
                                    fields are added per-node to find the most preferred
                                    node(s)
                                  properties:
                                    podAffinityTerm:
                                      description: Required. A pod affinity term,
                                        associated with the corresponding weight.
                                      properties:
                                        labelSelector:
                                          description: A label query over a set of
                                            resources, in this case pods.
                                          properties:
                                            matchExpressions:
                                              description: matchExpressions is a list
                                                of label selector requirements. The
                                                requirements are ANDed.
                                              items:
                                                description: A label selector requirement
                                                  is a selector that contains values,
                                                  a key, and an operator that relates
                                                  the key and values.
                                                properties:
                                                  key:
                                                    description: key is the label
                                                      key that the selector applies
                                                      to.
                                                    type: string
                                                  operator:
                                                    description: operator represents
                                                      a key's relationship to a set
                                                      of values. Valid operators are
                                                      In, NotIn, Exists and DoesNotExist.
                                                    type: string
                                                  values:
                                                    description: values is an array
                                                      of string values. If the operator
                                                      is In or NotIn, the values array
                                                      must be non-empty. If the operator
                                                      is Exists or DoesNotExist, the
                                                      values array must be empty.
                                                      This array is replaced during
                                                      a strategic merge patch.
                                                    items:
                                                      type: string
                                                    type: array
                                                required:
                                                - key
                                                - operator
                                                type: object
                                              type: array
                                            matchLabels:
                                              additionalProperties:
                                                type: string
                                              description: matchLabels is a map of
                                                {key,value} pairs. A single {key,value}
                                                in the matchLabels map is equivalent
                                                to an element of matchExpressions,
                                                whose key field is "key", the operator
                                                is "In", and the values array contains
                                                only "value". The requirements are
                                                ANDed.
                                              type: object
                                          type: object
                                        namespaceSelector:
                                          description: A label query over the set
                                            of namespaces that the term applies to.
                                            The term is applied to the union of the
                                            namespaces selected by this field and
                                            the ones listed in the namespaces field.
                                            null selector and null or empty namespaces
                                            list means "this pod's namespace". An
                                            empty selector ({}) matches all namespaces.
                                          properties:
                                            matchExpressions:
                                              description: matchExpressions is a list
                                                of label selector requirements. The
                                                requirements are ANDed.
                                              items:
                                                description: A label selector requirement
                                                  is a selector that contains values,
                                                  a key, and an operator that relates
                                                  the key and values.
                                                properties:
                                                  key:
                                                    description: key is the label
                                                      key that the selector applies
                                                      to.
                                                    type: string
                                                  operator:
                                                    description: operator represents
                                                      a key's relationship to a set
                                                      of values. Valid operators are
                                                      In, NotIn, Exists and DoesNotExist.
                                                    type: string
                                                  values:
                                                    description: values is an array
                                                      of string values. If the operator
                                                      is In or NotIn, the values array
                                                      must be non-empty. If the operator
                                                      is Exists or DoesNotExist, the
                                                      values array must be empty.
                                                      This array is replaced during
                                                      a strategic merge patch.
                                                    items:
                                                      type: string
                                                    type: array
                                                required:
                                                - key
                                                - operator
                                                type: object
                                              type: array
                                            matchLabels:
                                              additionalProperties:
                                                type: string
                                              description: matchLabels is a map of
                                                {key,value} pairs. A single {key,value}
                                                in the matchLabels map is equivalent
                                                to an element of matchExpressions,
                                                whose key field is "key", the operator
                                                is "In", and the values array contains
                                                only "value". The requirements are
                                                ANDed.
                                              type: object
                                          type: object
                                        namespaces:
                                          description: namespaces specifies a static
                                            list of namespace names that the term
                                            applies to. The term is applied to the
                                            union of the namespaces listed in this
                                            field and the ones selected by namespaceSelector.
                                            null or empty namespaces list and null
                                            namespaceSelector means "this pod's namespace".
                                          items:
                                            type: string
                                          type: array
                                        topologyKey:
                                          description: This pod should be co-located
                                            (affinity) or not co-located (anti-affinity)
                                            with the pods matching the labelSelector
                                            in the specified namespaces, where co-located
                                            is defined as running on a node whose
                                            value of the label with key topologyKey
                                            matches that of any node on which any
                                            of the selected pods is running. Empty
                                            topologyKey is not allowed.
                                          type: string
                                      required:
                                      - topologyKey
                                      type: object
                                    weight:
                                      description: weight associated with matching
                                        the corresponding podAffinityTerm, in the
                                        range 1-100.
                                      format: int32
                                      type: integer
                                  required:
                                  - podAffinityTerm
                                  - weight
                                  type: object
                                type: array
                              requiredDuringSchedulingIgnoredDuringExecution:
                                description: If the affinity requirements specified
                                  by this field are not met at scheduling time, the
                                  pod will not be scheduled onto the node. If the
                                  affinity requirements specified by this field cease
                                  to be met at some point during pod execution (e.g.
                                  due to a pod label update), the system may or may
                                  not try to eventually evict the pod from its node.
                                  When there are multiple elements, the lists of nodes
                                  corresponding to each podAffinityTerm are intersected,
                                  i.e. all terms must be satisfied.
                                items:
                                  description: Defines a set of pods (namely those
                                    matching the labelSelector relative to the given
                                    namespace(s)) that this pod should be co-located
                                    (affinity) or not co-located (anti-affinity) with,
                                    where co-located is defined as running on a node
                                    whose value of the label with key <topologyKey>
                                    matches that of any node on which a pod of the
                                    set of pods is running
                                  properties:
                                    labelSelector:
                                      description: A label query over a set of resources,
                                        in this case pods.
                                      properties:
                                        matchExpressions:
                                          description: matchExpressions is a list
                                            of label selector requirements. The requirements
                                            are ANDed.
                                          items:
                                            description: A label selector requirement
                                              is a selector that contains values,
                                              a key, and an operator that relates
                                              the key and values.
                                            properties:
                                              key:
                                                description: key is the label key
                                                  that the selector applies to.
                                                type: string
                                              operator:
                                                description: operator represents a
                                                  key's relationship to a set of values.
                                                  Valid operators are In, NotIn, Exists
                                                  and DoesNotExist.
                                                type: string
                                              values:
                                                description: values is an array of
                                                  string values. If the operator is
                                                  In or NotIn, the values array must
                                                  be non-empty. If the operator is
                                                  Exists or DoesNotExist, the values
                                                  array must be empty. This array
                                                  is replaced during a strategic merge
                                                  patch.
                                                items:
                                                  type: string
                                                type: array
                                            required:
                                            - key
                                            - operator
                                            type: object
                                          type: array
                                        matchLabels:
                                          additionalProperties:
                                            type: string
                                          description: matchLabels is a map of {key,value}
                                            pairs. A single {key,value} in the matchLabels
                                            map is equivalent to an element of matchExpressions,
                                            whose key field is "key", the operator
                                            is "In", and the values array contains
                                            only "value". The requirements are ANDed.
                                          type: object
                                      type: object
                                    namespaceSelector:
                                      description: A label query over the set of namespaces
                                        that the term applies to. The term is applied
                                        to the union of the namespaces selected by
                                        this field and the ones listed in the namespaces
                                        field. null selector and null or empty namespaces
                                        list means "this pod's namespace". An empty
                                        selector ({}) matches all namespaces.
                                      properties:
                                        matchExpressions:
                                          description: matchExpressions is a list
                                            of label selector requirements. The requirements
                                            are ANDed.
                                          items:
                                            description: A label selector requirement
                                              is a selector that contains values,
                                              a key, and an operator that relates
                                              the key and values.
                                            properties:
                                              key:
                                                description: key is the label key
                                                  that the selector applies to.
                                                type: string
                                              operator:
                                                description: operator represents a
                                                  key's relationship to a set of values.
                                                  Valid operators are In, NotIn, Exists
                                                  and DoesNotExist.
                                                type: string
                                              values:
                                                description: values is an array of
                                                  string values. If the operator is
                                                  In or NotIn, the values array must
                                                  be non-empty. If the operator is
                                                  Exists or DoesNotExist, the values
                                                  array must be empty. This array
                                                  is replaced during a strategic merge
                                                  patch.
                                                items:
                                                  type: string
                                                type: array
                                            required:
                                            - key
                                            - operator
                                            type: object
                                          type: array
                                        matchLabels:
                                          additionalProperties:
                                            type: string
                                          description: matchLabels is a map of {key,value}
                                            pairs. A single {key,value} in the matchLabels
                                            map is equivalent to an element of matchExpressions,
                                            whose key field is "key", the operator
                                            is "In", and the values array contains
                                            only "value". The requirements are ANDed.
                                          type: object
                                      type: object
                                    namespaces:
                                      description: namespaces specifies a static list
                                        of namespace names that the term applies to.
                                        The term is applied to the union of the namespaces
                                        listed in this field and the ones selected
                                        by namespaceSelector. null or empty namespaces
                                        list and null namespaceSelector means "this
                                        pod's namespace".
                                      items:
                                        type: string
                                      type: array
                                    topologyKey:
                                      description: This pod should be co-located (affinity)
                                        or not co-located (anti-affinity) with the
                                        pods matching the labelSelector in the specified
                                        namespaces, where co-located is defined as
                                        running on a node whose value of the label
                                        with key topologyKey matches that of any node
                                        on which any of the selected pods is running.
                                        Empty topologyKey is not allowed.
                                      type: string
                                  required:
                                  - topologyKey
                                  type: object
                                type: array
                            type: object
                          podAntiAffinity:
                            description: Describes pod anti-affinity scheduling rules
                              (e.g. avoid putting this pod in the same node, zone,
                              etc. as some other pod(s)).
                            properties:
                              preferredDuringSchedulingIgnoredDuringExecution:
                                description: The scheduler will prefer to schedule
                                  pods to nodes that satisfy the anti-affinity expressions
                                  specified by this field, but it may choose a node
                                  that violates one or more of the expressions. The
                                  node that is most preferred is the one with the
                                  greatest sum of weights, i.e. for each node that
                                  meets all of the scheduling requirements (resource
                                  request, requiredDuringScheduling anti-affinity
                                  expressions, etc.), compute a sum by iterating through
                                  the elements of this field and adding "weight" to
                                  the sum if the node has pods which matches the corresponding
                                  podAffinityTerm; the node(s) with the highest sum
                                  are the most preferred.
                                items:
                                  description: The weights of all of the matched WeightedPodAffinityTerm
                                    fields are added per-node to find the most preferred
                                    node(s)
                                  properties:
                                    podAffinityTerm:
                                      description: Required. A pod affinity term,
                                        associated with the corresponding weight.
                                      properties:
                                        labelSelector:
                                          description: A label query over a set of
                                            resources, in this case pods.
                                          properties:
                                            matchExpressions:
                                              description: matchExpressions is a list
                                                of label selector requirements. The
                                                requirements are ANDed.
                                              items:
                                                description: A label selector requirement
                                                  is a selector that contains values,
                                                  a key, and an operator that relates
                                                  the key and values.
                                                properties:
                                                  key:
                                                    description: key is the label
                                                      key that the selector applies
                                                      to.
                                                    type: string
                                                  operator:
                                                    description: operator represents
                                                      a key's relationship to a set
                                                      of values. Valid operators are
                                                      In, NotIn, Exists and DoesNotExist.
                                                    type: string
                                                  values:
                                                    description: values is an array
                                                      of string values. If the operator
                                                      is In or NotIn, the values array
                                                      must be non-empty. If the operator
                                                      is Exists or DoesNotExist, the
                                                      values array must be empty.
                                                      This array is replaced during
                                                      a strategic merge patch.
                                                    items:
                                                      type: string
                                                    type: array
                                                required:
                                                - key
                                                - operator
                                                type: object
                                              type: array
                                            matchLabels:
                                              additionalProperties:
                                                type: string
                                              description: matchLabels is a map of
                                                {key,value} pairs. A single {key,value}
                                                in the matchLabels map is equivalent
                                                to an element of matchExpressions,
                                                whose key field is "key", the operator
                                                is "In", and the values array contains
                                                only "value". The requirements are
                                                ANDed.
                                              type: object
                                          type: object
                                        namespaceSelector:
                                          description: A label query over the set
                                            of namespaces that the term applies to.
                                            The term is applied to the union of the
                                            namespaces selected by this field and
                                            the ones listed in the namespaces field.
                                            null selector and null or empty namespaces
                                            list means "this pod's namespace". An
                                            empty selector ({}) matches all namespaces.
                                          properties:
                                            matchExpressions:
                                              description: matchExpressions is a list
                                                of label selector requirements. The
                                                requirements are ANDed.
                                              items:
                                                description: A label selector requirement
                                                  is a selector that contains values,
                                                  a key, and an operator that relates
                                                  the key and values.
                                                properties:
                                                  key:
                                                    description: key is the label
                                                      key that the selector applies
                                                      to.
                                                    type: string
                                                  operator:
                                                    description: operator represents
                                                      a key's relationship to a set
                                                      of values. Valid operators are
                                                      In, NotIn, Exists and DoesNotExist.
                                                    type: string
                                                  values:
                                                    description: values is an array
                                                      of string values. If the operator
                                                      is In or NotIn, the values array
                                                      must be non-empty. If the operator
                                                      is Exists or DoesNotExist, the
                                                      values array must be empty.
                                                      This array is replaced during
                                                      a strategic merge patch.
                                                    items:
                                                      type: string
                                                    type: array
                                                required:
                                                - key
                                                - operator
                                                type: object
                                              type: array
                                            matchLabels:
                                              additionalProperties:
                                                type: string
                                              description: matchLabels is a map of
                                                {key,value} pairs. A single {key,value}
                                                in the matchLabels map is equivalent
                                                to an element of matchExpressions,
                                                whose key field is "key", the operator
                                                is "In", and the values array contains
                                                only "value". The requirements are
                                                ANDed.
                                              type: object
                                          type: object
                                        namespaces:
                                          description: namespaces specifies a static
                                            list of namespace names that the term
                                            applies to. The term is applied to the
                                            union of the namespaces listed in this
                                            field and the ones selected by namespaceSelector.
                                            null or empty namespaces list and null
                                            namespaceSelector means "this pod's namespace".
                                          items:
                                            type: string
                                          type: array
                                        topologyKey:
                                          description: This pod should be co-located
                                            (affinity) or not co-located (anti-affinity)
                                            with the pods matching the labelSelector
                                            in the specified namespaces, where co-located
                                            is defined as running on a node whose
                                            value of the label with key topologyKey
                                            matches that of any node on which any
                                            of the selected pods is running. Empty
                                            topologyKey is not allowed.
                                          type: string
                                      required:
                                      - topologyKey
                                      type: object
                                    weight:
                                      description: weight associated with matching
                                        the corresponding podAffinityTerm, in the
                                        range 1-100.
                                      format: int32
                                      type: integer
                                  required:
                                  - podAffinityTerm
                                  - weight
                                  type: object
                                type: array
                              requiredDuringSchedulingIgnoredDuringExecution:
                                description: If the anti-affinity requirements specified
                                  by this field are not met at scheduling time, the
                                  pod will not be scheduled onto the node. If the
                                  anti-affinity requirements specified by this field
                                  cease to be met at some point during pod execution
                                  (e.g. due to a pod label update), the system may
                                  or may not try to eventually evict the pod from
                                  its node. When there are multiple elements, the
                                  lists of nodes corresponding to each podAffinityTerm
                                  are intersected, i.e. all terms must be satisfied.
                                items:
                                  description: Defines a set of pods (namely those
                                    matching the labelSelector relative to the given
                                    namespace(s)) that this pod should be co-located
                                    (affinity) or not co-located (anti-affinity) with,
                                    where co-located is defined as running on a node
                                    whose value of the label with key <topologyKey>
                                    matches that of any node on which a pod of the
                                    set of pods is running
                                  properties:
                                    labelSelector:
                                      description: A label query over a set of resources,
                                        in this case pods.
                                      properties:
                                        matchExpressions:
                                          description: matchExpressions is a list
                                            of label selector requirements. The requirements
                                            are ANDed.
                                          items:
                                            description: A label selector requirement
                                              is a selector that contains values,
                                              a key, and an operator that relates
                                              the key and values.
                                            properties:
                                              key:
                                                description: key is the label key
                                                  that the selector applies to.
                                                type: string
                                              operator:
                                                description: operator represents a
                                                  key's relationship to a set of values.
                                                  Valid operators are In, NotIn, Exists
                                                  and DoesNotExist.
                                                type: string
                                              values:
                                                description: values is an array of
                                                  string values. If the operator is
                                                  In or NotIn, the values array must
                                                  be non-empty. If the operator is
                                                  Exists or DoesNotExist, the values
                                                  array must be empty. This array
                                                  is replaced during a strategic merge
                                                  patch.
                                                items:
                                                  type: string
                                                type: array
                                            required:
                                            - key
                                            - operator
                                            type: object
                                          type: array
                                        matchLabels:
                                          additionalProperties:
                                            type: string
                                          description: matchLabels is a map of {key,value}
                                            pairs. A single {key,value} in the matchLabels
                                            map is equivalent to an element of matchExpressions,
                                            whose key field is "key", the operator
                                            is "In", and the values array contains
                                            only "value". The requirements are ANDed.
                                          type: object
                                      type: object
                                    namespaceSelector:
                                      description: A label query over the set of namespaces
                                        that the term applies to. The term is applied
                                        to the union of the namespaces selected by
                                        this field and the ones listed in the namespaces
                                        field. null selector and null or empty namespaces
                                        list means "this pod's namespace". An empty
                                        selector ({}) matches all namespaces.
                                      properties:
                                        matchExpressions:
                                          description: matchExpressions is a list
                                            of label selector requirements. The requirements
                                            are ANDed.
                                          items:
                                            description: A label selector requirement
                                              is a selector that contains values,
                                              a key, and an operator that relates
                                              the key and values.
                                            properties:
                                              key:
                                                description: key is the label key
                                                  that the selector applies to.
                                                type: string
                                              operator:
                                                description: operator represents a
                                                  key's relationship to a set of values.
                                                  Valid operators are In, NotIn, Exists
                                                  and DoesNotExist.
                                                type: string
                                              values:
                                                description: values is an array of
                                                  string values. If the operator is
                                                  In or NotIn, the values array must
                                                  be non-empty. If the operator is
                                                  Exists or DoesNotExist, the values
                                                  array must be empty. This array
                                                  is replaced during a strategic merge
                                                  patch.
                                                items:
                                                  type: string
                                                type: array
                                            required:
                                            - key
                                            - operator
                                            type: object
                                          type: array
                                        matchLabels:
                                          additionalProperties:
                                            type: string
                                          description: matchLabels is a map of {key,value}
                                            pairs. A single {key,value} in the matchLabels
                                            map is equivalent to an element of matchExpressions,
                                            whose key field is "key", the operator
                                            is "In", and the values array contains
                                            only "value". The requirements are ANDed.
                                          type: object
                                      type: object
                                    namespaces:
                                      description: namespaces specifies a static list
                                        of namespace names that the term applies to.
                                        The term is applied to the union of the namespaces
                                        listed in this field and the ones selected
                                        by namespaceSelector. null or empty namespaces
                                        list and null namespaceSelector means "this
                                        pod's namespace".
                                      items:
                                        type: string
                                      type: array
                                    topologyKey:
                                      description: This pod should be co-located (affinity)
                                        or not co-located (anti-affinity) with the
                                        pods matching the labelSelector in the specified
                                        namespaces, where co-located is defined as
                                        running on a node whose value of the label
                                        with key topologyKey matches that of any node
                                        on which any of the selected pods is running.
                                        Empty topologyKey is not allowed.
                                      type: string
                                  required:
                                  - topologyKey
                                  type: object
                                type: array
                            type: object
                        type: object
                      automountServiceAccountToken:
                        description: AutomountServiceAccountToken indicates whether
                          pods running as this service account should have an API
                          token automatically mounted.
                        type: boolean
                      dnsConfig:
                        description: Specifies the DNS parameters of a pod. Parameters
                          specified here will be merged to the generated DNS configuration
                          based on DNSPolicy.
                        properties:
                          nameservers:
                            description: A list of DNS name server IP addresses. This
                              will be appended to the base nameservers generated from
                              DNSPolicy. Duplicated nameservers will be removed.
                            items:
                              type: string
                            type: array
                          options:
                            description: A list of DNS resolver options. This will
                              be merged with the base options generated from DNSPolicy.
                              Duplicated entries will be removed. Resolution options
                              given in Options will override those that appear in
                              the base DNSPolicy.
                            items:
                              description: PodDNSConfigOption defines DNS resolver
                                options of a pod.
                              properties:
                                name:
                                  description: Required.
                                  type: string
                                value:
                                  type: string
                              type: object
                            type: array
                          searches:
                            description: A list of DNS search domains for host-name
                              lookup. This will be appended to the base search paths
                              generated from DNSPolicy. Duplicated search paths will
                              be removed.
                            items:
                              type: string
                            type: array
                        type: object
                      dnsPolicy:
                        description: Set DNS policy for the pod. Defaults to "ClusterFirst".
                          Valid values are 'ClusterFirst', 'Default' or 'None'. DNS
                          parameters given in DNSConfig will be merged with the policy
                          selected with DNSPolicy.
                        type: string
                      enableServiceLinks:
                        description: 'EnableServiceLinks indicates whether information
                          about services should be injected into pod''s environment
                          variables, matching the syntax of Docker links. Optional:
                          Defaults to true.'
                        type: boolean
                      hostAliases:
                        description: HostAliases is an optional list of hosts and
                          IPs that will be injected into the pod's hosts file if specified.
                          This is only valid for non-hostNetwork pods.
                        items:
                          description: HostAlias holds the mapping between IP and
                            hostnames that will be injected as an entry in the pod's
                            hosts file.
                          properties:
                            hostnames:
                              description: Hostnames for the above IP address.
                              items:
                                type: string
                              type: array
                            ip:
                              description: IP address of the host file entry.
                              type: string
                          type: object
                        type: array
                        x-kubernetes-list-type: atomic
                      hostNetwork:
                        description: HostNetwork specifies whether the pod may use
                          the node network namespace
                        type: boolean
                      imagePullSecrets:
                        description: ImagePullSecrets gives the name of the secret
                          used by the pod to pull the image if specified
                        items:
                          description: LocalObjectReference contains enough information
                            to let you locate the referenced object inside the same
                            namespace.
                          properties:
                            name:
                              description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                TODO: Add other useful fields. apiVersion, kind, uid?'
                              type: string
                          type: object
                        type: array
                        x-kubernetes-list-type: atomic
                      nodeSelector:
                        additionalProperties:
                          type: string
                        description: 'NodeSelector is a selector which must be true
                          for the pod to fit on a node. Selector which must match
                          a node''s labels for the pod to be scheduled on that node.
                          More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/'
                        type: object
                      priorityClassName:
                        description: If specified, indicates the pod's priority. "system-node-critical"
                          and "system-cluster-critical" are two special keywords which
                          indicate the highest priorities with the former being the
                          highest priority. Any other name must be defined by creating
                          a PriorityClass object with that name. If not specified,
                          the pod priority will be default or zero if there is no
                          default.
                        type: string
                      runtimeClassName:
                        description: 'RuntimeClassName refers to a RuntimeClass object
                          in the node.k8s.io group, which should be used to run this
                          pod. If no RuntimeClass resource matches the named class,
                          the pod will not be run. If unset or empty, the "legacy"
                          RuntimeClass will be used, which is an implicit class with
                          an empty definition that uses the default runtime handler.
                          More info: https://git.k8s.io/enhancements/keps/sig-node/runtime-class.md
                          This is a beta feature as of Kubernetes v1.14.'
                        type: string
                      schedulerName:
                        description: SchedulerName specifies the scheduler to be used
                          to dispatch the Pod
                        type: string
                      securityContext:
                        description: 'SecurityContext holds pod-level security attributes
                          and common container settings. Optional: Defaults to empty.  See
                          type description for default values of each field.'
                        properties:
                          fsGroup:
                            description: "A special supplemental group that applies
                              to all containers in a pod. Some volume types allow
                              the Kubelet to change the ownership of that volume to
                              be owned by the pod: \n 1. The owning GID will be the
                              FSGroup 2. The setgid bit is set (new files created
                              in the volume will be owned by FSGroup) 3. The permission
                              bits are OR'd with rw-rw---- \n If unset, the Kubelet
                              will not modify the ownership and permissions of any
                              volume. Note that this field cannot be set when spec.os.name
                              is windows."
                            format: int64
                            type: integer
                          fsGroupChangePolicy:
                            description: 'fsGroupChangePolicy defines behavior of
                              changing ownership and permission of the volume before
                              being exposed inside Pod. This field will only apply
                              to volume types which support fsGroup based ownership(and
                              permissions). It will have no effect on ephemeral volume
                              types such as: secret, configmaps and emptydir. Valid
                              values are "OnRootMismatch" and "Always". If not specified,
                              "Always" is used. Note that this field cannot be set
                              when spec.os.name is windows.'
                            type: string
                          runAsGroup:
                            description: The GID to run the entrypoint of the container
                              process. Uses runtime default if unset. May also be
                              set in SecurityContext.  If set in both SecurityContext
                              and PodSecurityContext, the value specified in SecurityContext
                              takes precedence for that container. Note that this
                              field cannot be set when spec.os.name is windows.
                            format: int64
                            type: integer
                          runAsNonRoot:
                            description: Indicates that the container must run as
                              a non-root user. If true, the Kubelet will validate
                              the image at runtime to ensure that it does not run
                              as UID 0 (root) and fail to start the container if it
                              does. If unset or false, no such validation will be
                              performed. May also be set in SecurityContext.  If set
                              in both SecurityContext and PodSecurityContext, the
                              value specified in SecurityContext takes precedence.
                            type: boolean
                          runAsUser:
                            description: The UID to run the entrypoint of the container
                              process. Defaults to user specified in image metadata
                              if unspecified. May also be set in SecurityContext.  If
                              set in both SecurityContext and PodSecurityContext,
                              the value specified in SecurityContext takes precedence
                              for that container. Note that this field cannot be set
                              when spec.os.name is windows.
                            format: int64
                            type: integer
                          seLinuxOptions:
                            description: The SELinux context to be applied to all
                              containers. If unspecified, the container runtime will
                              allocate a random SELinux context for each container.  May
                              also be set in SecurityContext.  If set in both SecurityContext
                              and PodSecurityContext, the value specified in SecurityContext
                              takes precedence for that container. Note that this
                              field cannot be set when spec.os.name is windows.
                            properties:
                              level:
                                description: Level is SELinux level label that applies
                                  to the container.
                                type: string
                              role:
                                description: Role is a SELinux role label that applies
                                  to the container.
                                type: string
                              type:
                                description: Type is a SELinux type label that applies
                                  to the container.
                                type: string
                              user:
                                description: User is a SELinux user label that applies
                                  to the container.
                                type: string
                            type: object
                          seccompProfile:
                            description: The seccomp options to use by the containers
                              in this pod. Note that this field cannot be set when
                              spec.os.name is windows.
                            properties:
                              localhostProfile:
                                description: localhostProfile indicates a profile
                                  defined in a file on the node should be used. The
                                  profile must be preconfigured on the node to work.
                                  Must be a descending path, relative to the kubelet's
                                  configured seccomp profile location. Must only be
                                  set if type is "Localhost".
                                type: string
                              type:
                                description: "type indicates which kind of seccomp
                                  profile will be applied. Valid options are: \n Localhost
                                  - a profile defined in a file on the node should
                                  be used. RuntimeDefault - the container runtime
                                  default profile should be used. Unconfined - no
                                  profile should be applied."
                                type: string
                            required:
                            - type
                            type: object
                          supplementalGroups:
                            description: A list of groups applied to the first process
                              run in each container, in addition to the container's
                              primary GID.  If unspecified, no groups will be added
                              to any container. Note that this field cannot be set
                              when spec.os.name is windows.
                            items:
                              format: int64
                              type: integer
                            type: array
                          sysctls:
                            description: Sysctls hold a list of namespaced sysctls
                              used for the pod. Pods with unsupported sysctls (by
                              the container runtime) might fail to launch. Note that
                              this field cannot be set when spec.os.name is windows.
                            items:
                              description: Sysctl defines a kernel parameter to be
                                set
                              properties:
                                name:
                                  description: Name of a property to set
                                  type: string
                                value:
                                  description: Value of a property to set
                                  type: string
                              required:
                              - name
                              - value
                              type: object
                            type: array
                          windowsOptions:
                            description: The Windows specific settings applied to
                              all containers. If unspecified, the options within a
                              container's SecurityContext will be used. If set in
                              both SecurityContext and PodSecurityContext, the value
                              specified in SecurityContext takes precedence. Note
                              that this field cannot be set when spec.os.name is linux.
                            properties:
                              gmsaCredentialSpec:
                                description: GMSACredentialSpec is where the GMSA
                                  admission webhook (https://github.com/kubernetes-sigs/windows-gmsa)
                                  inlines the contents of the GMSA credential spec
                                  named by the GMSACredentialSpecName field.
                                type: string
                              gmsaCredentialSpecName:
                                description: GMSACredentialSpecName is the name of
                                  the GMSA credential spec to use.
                                type: string
                              hostProcess:
                                description: HostProcess determines if a container
                                  should be run as a 'Host Process' container. This
                                  field is alpha-level and will only be honored by
                                  components that enable the WindowsHostProcessContainers
                                  feature flag. Setting this field without the feature
                                  flag will result in errors when validating the Pod.
                                  All of a Pod's containers must have the same effective
                                  HostProcess value (it is not allowed to have a mix
                                  of HostProcess containers and non-HostProcess containers).  In
                                  addition, if HostProcess is true then HostNetwork
                                  must also be set to true.
                                type: boolean
                              runAsUserName:
                                description: The UserName in Windows to run the entrypoint
                                  of the container process. Defaults to the user specified
                                  in image metadata if unspecified. May also be set
                                  in PodSecurityContext. If set in both SecurityContext
                                  and PodSecurityContext, the value specified in SecurityContext
                                  takes precedence.
                                type: string
                            type: object
                        type: object
                      tolerations:
                        description: If specified, the pod's tolerations.
                        items:
                          description: The pod this Toleration is attached to tolerates
                            any taint that matches the triple <key,value,effect> using
                            the matching operator <operator>.
                          properties:
                            effect:
                              description: Effect indicates the taint effect to match.
                                Empty means match all taint effects. When specified,
                                allowed values are NoSchedule, PreferNoSchedule and
                                NoExecute.
                              type: string
                            key:
                              description: Key is the taint key that the toleration
                                applies to. Empty means match all taint keys. If the
                                key is empty, operator must be Exists; this combination
                                means to match all values and all keys.
                              type: string
                            operator:
                              description: Operator represents a key's relationship
                                to the value. Valid operators are Exists and Equal.
                                Defaults to Equal. Exists is equivalent to wildcard
                                for value, so that a pod can tolerate all taints of
                                a particular category.
                              type: string
                            tolerationSeconds:
                              description: TolerationSeconds represents the period
                                of time the toleration (which must be of effect NoExecute,
                                otherwise this field is ignored) tolerates the taint.
                                By default, it is not set, which means tolerate the
                                taint forever (do not evict). Zero and negative values
                                will be treated as 0 (evict immediately) by the system.
                              format: int64
                              type: integer
                            value:
                              description: Value is the taint value the toleration
                                matches to. If the operator is Exists, the value should
                                be empty, otherwise just a regular string.
                              type: string
                          type: object
                        type: array
                        x-kubernetes-list-type: atomic
                      volumes:
                        description: 'List of volumes that can be mounted by containers
                          belonging to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes'
                        items:
                          description: Volume represents a named volume in a pod that
                            may be accessed by any container in the pod.
                          properties:
                            awsElasticBlockStore:
                              description: 'awsElasticBlockStore represents an AWS
                                Disk resource that is attached to a kubelet''s host
                                machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore'
                              properties:
                                fsType:
                                  description: 'fsType is the filesystem type of the
                                    volume that you want to mount. Tip: Ensure that
                                    the filesystem type is supported by the host operating
                                    system. Examples: "ext4", "xfs", "ntfs". Implicitly
                                    inferred to be "ext4" if unspecified. More info:
                                    https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
                                    TODO: how do we prevent errors in the filesystem
                                    from compromising the machine'
                                  type: string
                                partition:
                                  description: 'partition is the partition in the
                                    volume that you want to mount. If omitted, the
                                    default is to mount by volume name. Examples:
                                    For volume /dev/sda1, you specify the partition
                                    as "1". Similarly, the volume partition for /dev/sda
                                    is "0" (or you can leave the property empty).'
                                  format: int32
                                  type: integer
                                readOnly:
                                  description: 'readOnly value true will force the
                                    readOnly setting in VolumeMounts. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore'
                                  type: boolean
                                volumeID:
                                  description: 'volumeID is unique ID of the persistent
                                    disk resource in AWS (Amazon EBS volume). More
                                    info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore'
                                  type: string
                              required:
                              - volumeID
                              type: object
                            azureDisk:
                              description: azureDisk represents an Azure Data Disk
                                mount on the host and bind mount to the pod.
                              properties:
                                cachingMode:
                                  description: 'cachingMode is the Host Caching mode:
                                    None, Read Only, Read Write.'
                                  type: string
                                diskName:
                                  description: diskName is the Name of the data disk
                                    in the blob storage
                                  type: string
                                diskURI:
                                  description: diskURI is the URI of data disk in
                                    the blob storage
                                  type: string
                                fsType:
                                  description: fsType is Filesystem type to mount.
                                    Must be a filesystem type supported by the host
                                    operating system. Ex. "ext4", "xfs", "ntfs". Implicitly
                                    inferred to be "ext4" if unspecified.
                                  type: string
                                kind:
                                  description: 'kind expected values are Shared: multiple
                                    blob disks per storage account  Dedicated: single
                                    blob disk per storage account  Managed: azure
                                    managed data disk (only in managed availability
                                    set). defaults to shared'
                                  type: string
                                readOnly:
                                  description: readOnly Defaults to false (read/write).
                                    ReadOnly here will force the ReadOnly setting
                                    in VolumeMounts.
                                  type: boolean
                              required:
                              - diskName
                              - diskURI
                              type: object
                            azureFile:
                              description: azureFile represents an Azure File Service
                                mount on the host and bind mount to the pod.
                              properties:
                                readOnly:
                                  description: readOnly defaults to false (read/write).
                                    ReadOnly here will force the ReadOnly setting
                                    in VolumeMounts.
                                  type: boolean
                                secretName:
                                  description: secretName is the  name of secret that
                                    contains Azure Storage Account Name and Key
                                  type: string
                                shareName:
                                  description: shareName is the azure share Name
                                  type: string
                              required:
                              - secretName
                              - shareName
                              type: object
                            cephfs:
                              description: cephFS represents a Ceph FS mount on the
                                host that shares a pod's lifetime
                              properties:
                                monitors:
                                  description: 'monitors is Required: Monitors is
                                    a collection of Ceph monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
                                  items:
                                    type: string
                                  type: array
                                path:
                                  description: 'path is Optional: Used as the mounted
                                    root, rather than the full Ceph tree, default
                                    is /'
                                  type: string
                                readOnly:
                                  description: 'readOnly is Optional: Defaults to
                                    false (read/write). ReadOnly here will force the
                                    ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
                                  type: boolean
                                secretFile:
                                  description: 'secretFile is Optional: SecretFile
                                    is the path to key ring for User, default is /etc/ceph/user.secret
                                    More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
                                  type: string
                                secretRef:
                                  description: 'secretRef is Optional: SecretRef is
                                    reference to the authentication secret for User,
                                    default is empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
                                  properties:
                                    name:
                                      description: 'Name of the referent. More info:
                                        https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                        TODO: Add other useful fields. apiVersion,
                                        kind, uid?'
                                      type: string
                                  type: object
                                user:
                                  description: 'user is optional: User is the rados
                                    user name, default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
                                  type: string
                              required:
                              - monitors
                              type: object
                            cinder:
                              description: 'cinder represents a cinder volume attached
                                and mounted on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
                              properties:
                                fsType:
                                  description: 'fsType is the filesystem type to mount.
                                    Must be a filesystem type supported by the host
                                    operating system. Examples: "ext4", "xfs", "ntfs".
                                    Implicitly inferred to be "ext4" if unspecified.
                                    More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
                                  type: string
                                readOnly:
                                  description: 'readOnly defaults to false (read/write).
                                    ReadOnly here will force the ReadOnly setting
                                    in VolumeMounts. More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
                                  type: boolean
                                secretRef:
                                  description: 'secretRef is optional: points to a
                                    secret object containing parameters used to connect
                                    to OpenStack.'
                                  properties:
                                    name:
                                      description: 'Name of the referent. More info:
                                        https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                        TODO: Add other useful fields. apiVersion,
                                        kind, uid?'
                                      type: string
                                  type: object
                                volumeID:
                                  description: 'volumeID used to identify the volume
                                    in cinder. More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
                                  type: string
                              required:
                              - volumeID
                              type: object
                            configMap:
                              description: configMap represents a configMap that should
                                populate this volume
                              properties:
                                defaultMode:
                                  description: 'defaultMode is optional: mode bits
                                    used to set permissions on created files by default.
                                    Must be an octal value between 0000 and 0777 or
                                    a decimal value between 0 and 511. YAML accepts
                                    both octal and decimal values, JSON requires decimal
                                    values for mode bits. Defaults to 0644. Directories
                                    within the path are not affected by this setting.
                                    This might be in conflict with other options that
                                    affect the file mode, like fsGroup, and the result
                                    can be other mode bits set.'
                                  format: int32
                                  type: integer
                                items:
                                  description: items if unspecified, each key-value
                                    pair in the Data field of the referenced ConfigMap
                                    will be projected into the volume as a file whose
                                    name is the key and content is the value. If specified,
                                    the listed keys will be projected into the specified
                                    paths, and unlisted keys will not be present.
                                    If a key is specified which is not present in
                                    the ConfigMap, the volume setup will error unless
                                    it is marked optional. Paths must be relative
                                    and may not contain the '..' path or start with
                                    '..'.
                                  items:
                                    description: Maps a string key to a path within
                                      a volume.
                                    properties:
                                      key:
                                        description: key is the key to project.
                                        type: string
                                      mode:
                                        description: 'mode is Optional: mode bits
                                          used to set permissions on this file. Must
                                          be an octal value between 0000 and 0777
                                          or a decimal value between 0 and 511. YAML
                                          accepts both octal and decimal values, JSON
                                          requires decimal values for mode bits. If
                                          not specified, the volume defaultMode will
                                          be used. This might be in conflict with
                                          other options that affect the file mode,
                                          like fsGroup, and the result can be other
                                          mode bits set.'
                                        format: int32
                                        type: integer
                                      path:
                                        description: path is the relative path of
                                          the file to map the key to. May not be an
                                          absolute path. May not contain the path
                                          element '..'. May not start with the string
                                          '..'.
                                        type: string
                                    required:
                                    - key
                                    - path
                                    type: object
                                  type: array
                                name:
                                  description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                    TODO: Add other useful fields. apiVersion, kind,
                                    uid?'
                                  type: string
                                optional:
                                  description: optional specify whether the ConfigMap
                                    or its keys must be defined
                                  type: boolean
                              type: object
                            csi:
                              description: csi (Container Storage Interface) represents
                                ephemeral storage that is handled by certain external
                                CSI drivers (Beta feature).
                              properties:
                                driver:
                                  description: driver is the name of the CSI driver
                                    that handles this volume. Consult with your admin
                                    for the correct name as registered in the cluster.
                                  type: string
                                fsType:
                                  description: fsType to mount. Ex. "ext4", "xfs",
                                    "ntfs". If not provided, the empty value is passed
                                    to the associated CSI driver which will determine
                                    the default filesystem to apply.
                                  type: string
                                nodePublishSecretRef:
                                  description: nodePublishSecretRef is a reference
                                    to the secret object containing sensitive information
                                    to pass to the CSI driver to complete the CSI
                                    NodePublishVolume and NodeUnpublishVolume calls.
                                    This field is optional, and  may be empty if no
                                    secret is required. If the secret object contains
                                    more than one secret, all secret references are
                                    passed.
                                  properties:
                                    name:
                                      description: 'Name of the referent. More info:
                                        https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                        TODO: Add other useful fields. apiVersion,
                                        kind, uid?'
                                      type: string
                                  type: object
                                readOnly:
                                  description: readOnly specifies a read-only configuration
                                    for the volume. Defaults to false (read/write).
                                  type: boolean
                                volumeAttributes:
                                  additionalProperties:
                                    type: string
                                  description: volumeAttributes stores driver-specific
                                    properties that are passed to the CSI driver.
                                    Consult your driver's documentation for supported
                                    values.
                                  type: object
                              required:
                              - driver
                              type: object
                            downwardAPI:
                              description: downwardAPI represents downward API about
                                the pod that should populate this volume
                              properties:
                                defaultMode:
                                  description: 'Optional: mode bits to use on created
                                    files by default. Must be a Optional: mode bits
                                    used to set permissions on created files by default.
                                    Must be an octal value between 0000 and 0777 or
                                    a decimal value between 0 and 511. YAML accepts
                                    both octal and decimal values, JSON requires decimal
                                    values for mode bits. Defaults to 0644. Directories
                                    within the path are not affected by this setting.
                                    This might be in conflict with other options that
                                    affect the file mode, like fsGroup, and the result
                                    can be other mode bits set.'
                                  format: int32
                                  type: integer
                                items:
                                  description: Items is a list of downward API volume
                                    file
                                  items:
                                    description: DownwardAPIVolumeFile represents
                                      information to create the file containing the
                                      pod field
                                    properties:
                                      fieldRef:
                                        description: 'Required: Selects a field of
                                          the pod: only annotations, labels, name
                                          and namespace are supported.'
                                        properties:
                                          apiVersion:
                                            description: Version of the schema the
                                              FieldPath is written in terms of, defaults
                                              to "v1".
                                            type: string
                                          fieldPath:
                                            description: Path of the field to select
                                              in the specified API version.
                                            type: string
                                        required:
                                        - fieldPath
                                        type: object
                                      mode:
                                        description: 'Optional: mode bits used to
                                          set permissions on this file, must be an
                                          octal value between 0000 and 0777 or a decimal
                                          value between 0 and 511. YAML accepts both
                                          octal and decimal values, JSON requires
                                          decimal values for mode bits. If not specified,
                                          the volume defaultMode will be used. This
                                          might be in conflict with other options
                                          that affect the file mode, like fsGroup,
                                          and the result can be other mode bits set.'
                                        format: int32
                                        type: integer
                                      path:
                                        description: 'Required: Path is  the relative
                                          path name of the file to be created. Must
                                          not be absolute or contain the ''..'' path.
                                          Must be utf-8 encoded. The first item of
                                          the relative path must not start with ''..'''
                                        type: string
                                      resourceFieldRef:
                                        description: 'Selects a resource of the container:
                                          only resources limits and requests (limits.cpu,
                                          limits.memory, requests.cpu and requests.memory)
                                          are currently supported.'
                                        properties:
                                          containerName:
                                            description: 'Container name: required
                                              for volumes, optional for env vars'
                                            type: string
                                          divisor:
                                            anyOf:
                                            - type: integer
                                            - type: string
                                            description: Specifies the output format
                                              of the exposed resources, defaults to
                                              "1"
                                            pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                                            x-kubernetes-int-or-string: true
                                          resource:
                                            description: 'Required: resource to select'
                                            type: string
                                        required:
                                        - resource
                                        type: object
                                    required:
                                    - path
                                    type: object
                                  type: array
                              type: object
                            emptyDir:
                              description: 'emptyDir represents a temporary directory
                                that shares a pod''s lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir'
                              properties:
                                medium:
                                  description: 'medium represents what type of storage
                                    medium should back this directory. The default
                                    is "" which means to use the node''s default medium.
                                    Must be an empty string (default) or Memory. More
                                    info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir'
                                  type: string
                                sizeLimit:
                                  anyOf:
                                  - type: integer
                                  - type: string
                                  description: 'sizeLimit is the total amount of local
                                    storage required for this EmptyDir volume. The
                                    size limit is also applicable for memory medium.
                                    The maximum usage on memory medium EmptyDir would
                                    be the minimum value between the SizeLimit specified
                                    here and the sum of memory limits of all containers
                                    in a pod. The default is nil which means that
                                    the limit is undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir'
                                  pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                                  x-kubernetes-int-or-string: true
                              type: object
                            ephemeral:
                              description: "ephemeral represents a volume that is
                                handled by a cluster storage driver. The volume's
                                lifecycle is tied to the pod that defines it - it
                                will be created before the pod starts, and deleted
                                when the pod is removed. \n Use this if: a) the volume
                                is only needed while the pod runs, b) features of
                                normal volumes like restoring from snapshot or capacity
                                \   tracking are needed, c) the storage driver is
                                specified through a storage class, and d) the storage
                                driver supports dynamic volume provisioning through
                                \   a PersistentVolumeClaim (see EphemeralVolumeSource
                                for more    information on the connection between
                                this volume type    and PersistentVolumeClaim). \n
                                Use PersistentVolumeClaim or one of the vendor-specific
                                APIs for volumes that persist for longer than the
                                lifecycle of an individual pod. \n Use CSI for light-weight
                                local ephemeral volumes if the CSI driver is meant
                                to be used that way - see the documentation of the
                                driver for more information. \n A pod can use both
                                types of ephemeral volumes and persistent volumes
                                at the same time."
                              properties:
                                volumeClaimTemplate:
                                  description: "Will be used to create a stand-alone
                                    PVC to provision the volume. The pod in which
                                    this EphemeralVolumeSource is embedded will be
                                    the owner of the PVC, i.e. the PVC will be deleted
                                    together with the pod.  The name of the PVC will
                                    be `<pod name>-<volume name>` where `<volume name>`
                                    is the name from the `PodSpec.Volumes` array entry.
                                    Pod validation will reject the pod if the concatenated
                                    name is not valid for a PVC (for example, too
                                    long). \n An existing PVC with that name that
                                    is not owned by the pod will *not* be used for
                                    the pod to avoid using an unrelated volume by
                                    mistake. Starting the pod is then blocked until
                                    the unrelated PVC is removed. If such a pre-created
                                    PVC is meant to be used by the pod, the PVC has
                                    to updated with an owner reference to the pod
                                    once the pod exists. Normally this should not
                                    be necessary, but it may be useful when manually
                                    reconstructing a broken cluster. \n This field
                                    is read-only and no changes will be made by Kubernetes
                                    to the PVC after it has been created. \n Required,
                                    must not be nil."
                                  properties:
                                    metadata:
                                      description: May contain labels and annotations
                                        that will be copied into the PVC when creating
                                        it. No other fields are allowed and will be
                                        rejected during validation.
                                      type: object
                                    spec:
                                      description: The specification for the PersistentVolumeClaim.
                                        The entire content is copied unchanged into
                                        the PVC that gets created from this template.
                                        The same fields as in a PersistentVolumeClaim
                                        are also valid here.
                                      properties:
                                        accessModes:
                                          description: 'accessModes contains the desired
                                            access modes the volume should have. More
                                            info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1'
                                          items:
                                            type: string
                                          type: array
                                        dataSource:
                                          description: 'dataSource field can be used
                                            to specify either: * An existing VolumeSnapshot
                                            object (snapshot.storage.k8s.io/VolumeSnapshot)
                                            * An existing PVC (PersistentVolumeClaim)
                                            If the provisioner or an external controller
                                            can support the specified data source,
                                            it will create a new volume based on the
                                            contents of the specified data source.
                                            If the AnyVolumeDataSource feature gate
                                            is enabled, this field will always have
                                            the same contents as the DataSourceRef
                                            field.'
                                          properties:
                                            apiGroup:
                                              description: APIGroup is the group for
                                                the resource being referenced. If
                                                APIGroup is not specified, the specified
                                                Kind must be in the core API group.
                                                For any other third-party types, APIGroup
                                                is required.
                                              type: string
                                            kind:
                                              description: Kind is the type of resource
                                                being referenced
                                              type: string
                                            name:
                                              description: Name is the name of resource
                                                being referenced
                                              type: string
                                          required:
                                          - kind
                                          - name
                                          type: object
                                        dataSourceRef:
                                          description: 'dataSourceRef specifies the
                                            object from which to populate the volume
                                            with data, if a non-empty volume is desired.
                                            This may be any local object from a non-empty
                                            API group (non core object) or a PersistentVolumeClaim
                                            object. When this field is specified,
                                            volume binding will only succeed if the
                                            type of the specified object matches some
                                            installed volume populator or dynamic
                                            provisioner. This field will replace the
                                            functionality of the DataSource field
                                            and as such if both fields are non-empty,
                                            they must have the same value. For backwards
                                            compatibility, both fields (DataSource
                                            and DataSourceRef) will be set to the
                                            same value automatically if one of them
                                            is empty and the other is non-empty. There
                                            are two important differences between
                                            DataSource and DataSourceRef: * While
                                            DataSource only allows two specific types
                                            of objects, DataSourceRef   allows any
                                            non-core object, as well as PersistentVolumeClaim
                                            objects. * While DataSource ignores disallowed
                                            values (dropping them), DataSourceRef   preserves
                                            all values, and generates an error if
                                            a disallowed value is   specified. (Beta)
                                            Using this field requires the AnyVolumeDataSource
                                            feature gate to be enabled.'
                                          properties:
                                            apiGroup:
                                              description: APIGroup is the group for
                                                the resource being referenced. If
                                                APIGroup is not specified, the specified
                                                Kind must be in the core API group.
                                                For any other third-party types, APIGroup
                                                is required.
                                              type: string
                                            kind:
                                              description: Kind is the type of resource
                                                being referenced
                                              type: string
                                            name:
                                              description: Name is the name of resource
                                                being referenced
                                              type: string
                                          required:
                                          - kind
                                          - name
                                          type: object
                                        resources:
                                          description: 'resources represents the minimum
                                            resources the volume should have. If RecoverVolumeExpansionFailure
                                            feature is enabled users are allowed to
                                            specify resource requirements that are
                                            lower than previous value but must still
                                            be higher than capacity recorded in the
                                            status field of the claim. More info:
                                            https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources'
                                          properties:
                                            limits:
                                              additionalProperties:
                                                anyOf:
                                                - type: integer
                                                - type: string
                                                pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                                                x-kubernetes-int-or-string: true
                                              description: 'Limits describes the maximum
                                                amount of compute resources allowed.
                                                More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
                                              type: object
                                            requests:
                                              additionalProperties:
                                                anyOf:
                                                - type: integer
                                                - type: string
                                                pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                                                x-kubernetes-int-or-string: true
                                              description: 'Requests describes the
                                                minimum amount of compute resources
                                                required. If Requests is omitted for
                                                a container, it defaults to Limits
                                                if that is explicitly specified, otherwise
                                                to an implementation-defined value.
                                                More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
                                              type: object
                                          type: object
                                        selector:
                                          description: selector is a label query over
                                            volumes to consider for binding.
                                          properties:
                                            matchExpressions:
                                              description: matchExpressions is a list
                                                of label selector requirements. The
                                                requirements are ANDed.
                                              items:
                                                description: A label selector requirement
                                                  is a selector that contains values,
                                                  a key, and an operator that relates
                                                  the key and values.
                                                properties:
                                                  key:
                                                    description: key is the label
                                                      key that the selector applies
                                                      to.
                                                    type: string
                                                  operator:
                                                    description: operator represents
                                                      a key's relationship to a set
                                                      of values. Valid operators are
                                                      In, NotIn, Exists and DoesNotExist.
                                                    type: string
                                                  values:
                                                    description: values is an array
                                                      of string values. If the operator
                                                      is In or NotIn, the values array
                                                      must be non-empty. If the operator
                                                      is Exists or DoesNotExist, the
                                                      values array must be empty.
                                                      This array is replaced during
                                                      a strategic merge patch.
                                                    items:
                                                      type: string
                                                    type: array
                                                required:
                                                - key
                                                - operator
                                                type: object
                                              type: array
                                            matchLabels:
                                              additionalProperties:
                                                type: string
                                              description: matchLabels is a map of
                                                {key,value} pairs. A single {key,value}
                                                in the matchLabels map is equivalent
                                                to an element of matchExpressions,
                                                whose key field is "key", the operator
                                                is "In", and the values array contains
                                                only "value". The requirements are
                                                ANDed.
                                              type: object
                                          type: object
                                        storageClassName:
                                          description: 'storageClassName is the name
                                            of the StorageClass required by the claim.
                                            More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1'
                                          type: string
                                        volumeMode:
                                          description: volumeMode defines what type
                                            of volume is required by the claim. Value
                                            of Filesystem is implied when not included
                                            in claim spec.
                                          type: string
                                        volumeName:
                                          description: volumeName is the binding reference
                                            to the PersistentVolume backing this claim.
                                          type: string
                                      type: object
                                  required:
                                  - spec
                                  type: object
                              type: object
                            fc:
                              description: fc represents a Fibre Channel resource
                                that is attached to a kubelet's host machine and then
                                exposed to the pod.
                              properties:
                                fsType:
                                  description: 'fsType is the filesystem type to mount.
                                    Must be a filesystem type supported by the host
                                    operating system. Ex. "ext4", "xfs", "ntfs". Implicitly
                                    inferred to be "ext4" if unspecified. TODO: how
                                    do we prevent errors in the filesystem from compromising
                                    the machine'
                                  type: string
                                lun:
                                  description: 'lun is Optional: FC target lun number'
                                  format: int32
                                  type: integer
                                readOnly:
                                  description: 'readOnly is Optional: Defaults to
                                    false (read/write). ReadOnly here will force the
                                    ReadOnly setting in VolumeMounts.'
                                  type: boolean
                                targetWWNs:
                                  description: 'targetWWNs is Optional: FC target
                                    worldwide names (WWNs)'
                                  items:
                                    type: string
                                  type: array
                                wwids:
                                  description: 'wwids Optional: FC volume world wide
                                    identifiers (wwids) Either wwids or combination
                                    of targetWWNs and lun must be set, but not both
                                    simultaneously.'
                                  items:
                                    type: string
                                  type: array
                              type: object
                            flexVolume:
                              description: flexVolume represents a generic volume
                                resource that is provisioned/attached using an exec
                                based plugin.
                              properties:
                                driver:
                                  description: driver is the name of the driver to
                                    use for this volume.
                                  type: string
                                fsType:
                                  description: fsType is the filesystem type to mount.
                                    Must be a filesystem type supported by the host
                                    operating system. Ex. "ext4", "xfs", "ntfs". The
                                    default filesystem depends on FlexVolume script.
                                  type: string
                                options:
                                  additionalProperties:
                                    type: string
                                  description: 'options is Optional: this field holds
                                    extra command options if any.'
                                  type: object
                                readOnly:
                                  description: 'readOnly is Optional: defaults to
                                    false (read/write). ReadOnly here will force the
                                    ReadOnly setting in VolumeMounts.'
                                  type: boolean
                                secretRef:
                                  description: 'secretRef is Optional: secretRef is
                                    reference to the secret object containing sensitive
                                    information to pass to the plugin scripts. This
                                    may be empty if no secret object is specified.
                                    If the secret object contains more than one secret,
                                    all secrets are passed to the plugin scripts.'
                                  properties:
                                    name:
                                      description: 'Name of the referent. More info:
                                        https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                        TODO: Add other useful fields. apiVersion,
                                        kind, uid?'
                                      type: string
                                  type: object
                              required:
                              - driver
                              type: object
                            flocker:
                              description: flocker represents a Flocker volume attached
                                to a kubelet's host machine. This depends on the Flocker
                                control service being running
                              properties:
                                datasetName:
                                  description: datasetName is Name of the dataset
                                    stored as metadata -> name on the dataset for
                                    Flocker should be considered as deprecated
                                  type: string
                                datasetUUID:
                                  description: datasetUUID is the UUID of the dataset.
                                    This is unique identifier of a Flocker dataset
                                  type: string
                              type: object
                            gcePersistentDisk:
                              description: 'gcePersistentDisk represents a GCE Disk
                                resource that is attached to a kubelet''s host machine
                                and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
                              properties:
                                fsType:
                                  description: 'fsType is filesystem type of the volume
                                    that you want to mount. Tip: Ensure that the filesystem
                                    type is supported by the host operating system.
                                    Examples: "ext4", "xfs", "ntfs". Implicitly inferred
                                    to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
                                    TODO: how do we prevent errors in the filesystem
                                    from compromising the machine'
                                  type: string
                                partition:
                                  description: 'partition is the partition in the
                                    volume that you want to mount. If omitted, the
                                    default is to mount by volume name. Examples:
                                    For volume /dev/sda1, you specify the partition
                                    as "1". Similarly, the volume partition for /dev/sda
                                    is "0" (or you can leave the property empty).
                                    More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
                                  format: int32
                                  type: integer
                                pdName:
                                  description: 'pdName is unique name of the PD resource
                                    in GCE. Used to identify the disk in GCE. More
                                    info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
                                  type: string
                                readOnly:
                                  description: 'readOnly here will force the ReadOnly
                                    setting in VolumeMounts. Defaults to false. More
                                    info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
                                  type: boolean
                              required:
                              - pdName
                              type: object
                            gitRepo:
                              description: 'gitRepo represents a git repository at
                                a particular revision. DEPRECATED: GitRepo is deprecated.
                                To provision a container with a git repo, mount an
                                EmptyDir into an InitContainer that clones the repo
                                using git, then mount the EmptyDir into the Pod''s
                                container.'
                              properties:
                                directory:
                                  description: directory is the target directory name.
                                    Must not contain or start with '..'.  If '.' is
                                    supplied, the volume directory will be the git
                                    repository.  Otherwise, if specified, the volume
                                    will contain the git repository in the subdirectory
                                    with the given name.
                                  type: string
                                repository:
                                  description: repository is the URL
                                  type: string
                                revision:
                                  description: revision is the commit hash for the
                                    specified revision.
                                  type: string
                              required:
                              - repository
                              type: object
                            glusterfs:
                              description: 'glusterfs represents a Glusterfs mount
                                on the host that shares a pod''s lifetime. More info:
                                https://examples.k8s.io/volumes/glusterfs/README.md'
                              properties:
                                endpoints:
                                  description: 'endpoints is the endpoint name that
                                    details Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod'
                                  type: string
                                path:
                                  description: 'path is the Glusterfs volume path.
                                    More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod'
                                  type: string
                                readOnly:
                                  description: 'readOnly here will force the Glusterfs
                                    volume to be mounted with read-only permissions.
                                    Defaults to false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod'
                                  type: boolean
                              required:
                              - endpoints
                              - path
                              type: object
                            hostPath:
                              description: 'hostPath represents a pre-existing file
                                or directory on the host machine that is directly
                                exposed to the container. This is generally used for
                                system agents or other privileged things that are
                                allowed to see the host machine. Most containers will
                                NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath
                                --- TODO(jonesdl) We need to restrict who can use
                                host directory mounts and who can/can not mount host
                                directories as read/write.'
                              properties:
                                path:
                                  description: 'path of the directory on the host.
                                    If the path is a symlink, it will follow the link
                                    to the real path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath'
                                  type: string
                                type:
                                  description: 'type for HostPath Volume Defaults
                                    to "" More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath'
                                  type: string
                              required:
                              - path
                              type: object
                            iscsi:
                              description: 'iscsi represents an ISCSI Disk resource
                                that is attached to a kubelet''s host machine and
                                then exposed to the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md'
                              properties:
                                chapAuthDiscovery:
                                  description: chapAuthDiscovery defines whether support
                                    iSCSI Discovery CHAP authentication
                                  type: boolean
                                chapAuthSession:
                                  description: chapAuthSession defines whether support
                                    iSCSI Session CHAP authentication
                                  type: boolean
                                fsType:
                                  description: 'fsType is the filesystem type of the
                                    volume that you want to mount. Tip: Ensure that
                                    the filesystem type is supported by the host operating
                                    system. Examples: "ext4", "xfs", "ntfs". Implicitly
                                    inferred to be "ext4" if unspecified. More info:
                                    https://kubernetes.io/docs/concepts/storage/volumes#iscsi
                                    TODO: how do we prevent errors in the filesystem
                                    from compromising the machine'
                                  type: string
                                initiatorName:
                                  description: initiatorName is the custom iSCSI Initiator
                                    Name. If initiatorName is specified with iscsiInterface
                                    simultaneously, new iSCSI interface <target portal>:<volume
                                    name> will be created for the connection.
                                  type: string
                                iqn:
                                  description: iqn is the target iSCSI Qualified Name.
                                  type: string
                                iscsiInterface:
                                  description: iscsiInterface is the interface Name
                                    that uses an iSCSI transport. Defaults to 'default'
                                    (tcp).
                                  type: string
                                lun:
                                  description: lun represents iSCSI Target Lun number.
                                  format: int32
                                  type: integer
                                portals:
                                  description: portals is the iSCSI Target Portal
                                    List. The portal is either an IP or ip_addr:port
                                    if the port is other than default (typically TCP
                                    ports 860 and 3260).
                                  items:
                                    type: string
                                  type: array
                                readOnly:
                                  description: readOnly here will force the ReadOnly
                                    setting in VolumeMounts. Defaults to false.
                                  type: boolean
                                secretRef:
                                  description: secretRef is the CHAP Secret for iSCSI
                                    target and initiator authentication
                                  properties:
                                    name:
                                      description: 'Name of the referent. More info:
                                        https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                        TODO: Add other useful fields. apiVersion,
                                        kind, uid?'
                                      type: string
                                  type: object
                                targetPortal:
                                  description: targetPortal is iSCSI Target Portal.
                                    The Portal is either an IP or ip_addr:port if
                                    the port is other than default (typically TCP
                                    ports 860 and 3260).
                                  type: string
                              required:
                              - iqn
                              - lun
                              - targetPortal
                              type: object
                            name:
                              description: 'name of the volume. Must be a DNS_LABEL
                                and unique within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
                              type: string
                            nfs:
                              description: 'nfs represents an NFS mount on the host
                                that shares a pod''s lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs'
                              properties:
                                path:
                                  description: 'path that is exported by the NFS server.
                                    More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs'
                                  type: string
                                readOnly:
                                  description: 'readOnly here will force the NFS export
                                    to be mounted with read-only permissions. Defaults
                                    to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs'
                                  type: boolean
                                server:
                                  description: 'server is the hostname or IP address
                                    of the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs'
                                  type: string
                              required:
                              - path
                              - server
                              type: object
                            persistentVolumeClaim:
                              description: 'persistentVolumeClaimVolumeSource represents
                                a reference to a PersistentVolumeClaim in the same
                                namespace. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims'
                              properties:
                                claimName:
                                  description: 'claimName is the name of a PersistentVolumeClaim
                                    in the same namespace as the pod using this volume.
                                    More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims'
                                  type: string
                                readOnly:
                                  description: readOnly Will force the ReadOnly setting
                                    in VolumeMounts. Default false.
                                  type: boolean
                              required:
                              - claimName
                              type: object
                            photonPersistentDisk:
                              description: photonPersistentDisk represents a PhotonController
                                persistent disk attached and mounted on kubelets host
                                machine
                              properties:
                                fsType:
                                  description: fsType is the filesystem type to mount.
                                    Must be a filesystem type supported by the host
                                    operating system. Ex. "ext4", "xfs", "ntfs". Implicitly
                                    inferred to be "ext4" if unspecified.
                                  type: string
                                pdID:
                                  description: pdID is the ID that identifies Photon
                                    Controller persistent disk
                                  type: string
                              required:
                              - pdID
                              type: object
                            portworxVolume:
                              description: portworxVolume represents a portworx volume
                                attached and mounted on kubelets host machine
                              properties:
                                fsType:
                                  description: fSType represents the filesystem type
                                    to mount Must be a filesystem type supported by
                                    the host operating system. Ex. "ext4", "xfs".
                                    Implicitly inferred to be "ext4" if unspecified.
                                  type: string
                                readOnly:
                                  description: readOnly defaults to false (read/write).
                                    ReadOnly here will force the ReadOnly setting
                                    in VolumeMounts.
                                  type: boolean
                                volumeID:
                                  description: volumeID uniquely identifies a Portworx
                                    volume
                                  type: string
                              required:
                              - volumeID
                              type: object
                            projected:
                              description: projected items for all in one resources
                                secrets, configmaps, and downward API
                              properties:
                                defaultMode:
                                  description: defaultMode are the mode bits used
                                    to set permissions on created files by default.
                                    Must be an octal value between 0000 and 0777 or
                                    a decimal value between 0 and 511. YAML accepts
                                    both octal and decimal values, JSON requires decimal
                                    values for mode bits. Directories within the path
                                    are not affected by this setting. This might be
                                    in conflict with other options that affect the
                                    file mode, like fsGroup, and the result can be
                                    other mode bits set.
                                  format: int32
                                  type: integer
                                sources:
                                  description: sources is the list of volume projections
                                  items:
                                    description: Projection that may be projected
                                      along with other supported volume types
                                    properties:
                                      configMap:
                                        description: configMap information about the
                                          configMap data to project
                                        properties:
                                          items:
                                            description: items if unspecified, each
                                              key-value pair in the Data field of
                                              the referenced ConfigMap will be projected
                                              into the volume as a file whose name
                                              is the key and content is the value.
                                              If specified, the listed keys will be
                                              projected into the specified paths,
                                              and unlisted keys will not be present.
                                              If a key is specified which is not present
                                              in the ConfigMap, the volume setup will
                                              error unless it is marked optional.
                                              Paths must be relative and may not contain
                                              the '..' path or start with '..'.
                                            items:
                                              description: Maps a string key to a
                                                path within a volume.
                                              properties:
                                                key:
                                                  description: key is the key to project.
                                                  type: string
                                                mode:
                                                  description: 'mode is Optional:
                                                    mode bits used to set permissions
                                                    on this file. Must be an octal
                                                    value between 0000 and 0777 or
                                                    a decimal value between 0 and
                                                    511. YAML accepts both octal and
                                                    decimal values, JSON requires
                                                    decimal values for mode bits.
                                                    If not specified, the volume defaultMode
                                                    will be used. This might be in
                                                    conflict with other options that
                                                    affect the file mode, like fsGroup,
                                                    and the result can be other mode
                                                    bits set.'
                                                  format: int32
                                                  type: integer
                                                path:
                                                  description: path is the relative
                                                    path of the file to map the key
                                                    to. May not be an absolute path.
                                                    May not contain the path element
                                                    '..'. May not start with the string
                                                    '..'.
                                                  type: string
                                              required:
                                              - key
                                              - path
                                              type: object
                                            type: array
                                          name:
                                            description: 'Name of the referent. More
                                              info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                              TODO: Add other useful fields. apiVersion,
                                              kind, uid?'
                                            type: string
                                          optional:
                                            description: optional specify whether
                                              the ConfigMap or its keys must be defined
                                            type: boolean
                                        type: object
                                      downwardAPI:
                                        description: downwardAPI information about
                                          the downwardAPI data to project
                                        properties:
                                          items:
                                            description: Items is a list of DownwardAPIVolume
                                              file
                                            items:
                                              description: DownwardAPIVolumeFile represents
                                                information to create the file containing
                                                the pod field
                                              properties:
                                                fieldRef:
                                                  description: 'Required: Selects
                                                    a field of the pod: only annotations,
                                                    labels, name and namespace are
                                                    supported.'
                                                  properties:
                                                    apiVersion:
                                                      description: Version of the
                                                        schema the FieldPath is written
                                                        in terms of, defaults to "v1".
                                                      type: string
                                                    fieldPath:
                                                      description: Path of the field
                                                        to select in the specified
                                                        API version.
                                                      type: string
                                                  required:
                                                  - fieldPath
                                                  type: object
                                                mode:
                                                  description: 'Optional: mode bits
                                                    used to set permissions on this
                                                    file, must be an octal value between
                                                    0000 and 0777 or a decimal value
                                                    between 0 and 511. YAML accepts
                                                    both octal and decimal values,
                                                    JSON requires decimal values for
                                                    mode bits. If not specified, the
                                                    volume defaultMode will be used.
                                                    This might be in conflict with
                                                    other options that affect the
                                                    file mode, like fsGroup, and the
                                                    result can be other mode bits
                                                    set.'
                                                  format: int32
                                                  type: integer
                                                path:
                                                  description: 'Required: Path is  the
                                                    relative path name of the file
                                                    to be created. Must not be absolute
                                                    or contain the ''..'' path. Must
                                                    be utf-8 encoded. The first item
                                                    of the relative path must not
                                                    start with ''..'''
                                                  type: string
                                                resourceFieldRef:
                                                  description: 'Selects a resource
                                                    of the container: only resources
                                                    limits and requests (limits.cpu,
                                                    limits.memory, requests.cpu and
                                                    requests.memory) are currently
                                                    supported.'
                                                  properties:
                                                    containerName:
                                                      description: 'Container name:
                                                        required for volumes, optional
                                                        for env vars'
                                                      type: string
                                                    divisor:
                                                      anyOf:
                                                      - type: integer
                                                      - type: string
                                                      description: Specifies the output
                                                        format of the exposed resources,
                                                        defaults to "1"
                                                      pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                                                      x-kubernetes-int-or-string: true
                                                    resource:
                                                      description: 'Required: resource
                                                        to select'
                                                      type: string
                                                  required:
                                                  - resource
                                                  type: object
                                              required:
                                              - path
                                              type: object
                                            type: array
                                        type: object
                                      secret:
                                        description: secret information about the
                                          secret data to project
                                        properties:
                                          items:
                                            description: items if unspecified, each
                                              key-value pair in the Data field of
                                              the referenced Secret will be projected
                                              into the volume as a file whose name
                                              is the key and content is the value.
                                              If specified, the listed keys will be
                                              projected into the specified paths,
                                              and unlisted keys will not be present.
                                              If a key is specified which is not present
                                              in the Secret, the volume setup will
                                              error unless it is marked optional.
                                              Paths must be relative and may not contain
                                              the '..' path or start with '..'.
                                            items:
                                              description: Maps a string key to a
                                                path within a volume.
                                              properties:
                                                key:
                                                  description: key is the key to project.
                                                  type: string
                                                mode:
                                                  description: 'mode is Optional:
                                                    mode bits used to set permissions
                                                    on this file. Must be an octal
                                                    value between 0000 and 0777 or
                                                    a decimal value between 0 and
                                                    511. YAML accepts both octal and
                                                    decimal values, JSON requires
                                                    decimal values for mode bits.
                                                    If not specified, the volume defaultMode
                                                    will be used. This might be in
                                                    conflict with other options that
                                                    affect the file mode, like fsGroup,
                                                    and the result can be other mode
                                                    bits set.'
                                                  format: int32
                                                  type: integer
                                                path:
                                                  description: path is the relative
                                                    path of the file to map the key
                                                    to. May not be an absolute path.
                                                    May not contain the path element
                                                    '..'. May not start with the string
                                                    '..'.
                                                  type: string
                                              required:
                                              - key
                                              - path
                                              type: object
                                            type: array
                                          name:
                                            description: 'Name of the referent. More
                                              info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                              TODO: Add other useful fields. apiVersion,
                                              kind, uid?'
                                            type: string
                                          optional:
                                            description: optional field specify whether
                                              the Secret or its key must be defined
                                            type: boolean
                                        type: object
                                      serviceAccountToken:
                                        description: serviceAccountToken is information
                                          about the serviceAccountToken data to project
                                        properties:
                                          audience:
                                            description: audience is the intended
                                              audience of the token. A recipient of
                                              a token must identify itself with an
                                              identifier specified in the audience
                                              of the token, and otherwise should reject
                                              the token. The audience defaults to
                                              the identifier of the apiserver.
                                            type: string
                                          expirationSeconds:
                                            description: expirationSeconds is the
                                              requested duration of validity of the
                                              service account token. As the token
                                              approaches expiration, the kubelet volume
                                              plugin will proactively rotate the service
                                              account token. The kubelet will start
                                              trying to rotate the token if the token
                                              is older than 80 percent of its time
                                              to live or if the token is older than
                                              24 hours.Defaults to 1 hour and must
                                              be at least 10 minutes.
                                            format: int64
                                            type: integer
                                          path:
                                            description: path is the path relative
                                              to the mount point of the file to project
                                              the token into.
                                            type: string
                                        required:
                                        - path
                                        type: object
                                    type: object
                                  type: array
                              type: object
                            quobyte:
                              description: quobyte represents a Quobyte mount on the
                                host that shares a pod's lifetime
                              properties:
                                group:
                                  description: group to map volume access to Default
                                    is no group
                                  type: string
                                readOnly:
                                  description: readOnly here will force the Quobyte
                                    volume to be mounted with read-only permissions.
                                    Defaults to false.
                                  type: boolean
                                registry:
                                  description: registry represents a single or multiple
                                    Quobyte Registry services specified as a string
                                    as host:port pair (multiple entries are separated
                                    with commas) which acts as the central registry
                                    for volumes
                                  type: string
                                tenant:
                                  description: tenant owning the given Quobyte volume
                                    in the Backend Used with dynamically provisioned
                                    Quobyte volumes, value is set by the plugin
                                  type: string
                                user:
                                  description: user to map volume access to Defaults
                                    to serivceaccount user
                                  type: string
                                volume:
                                  description: volume is a string that references
                                    an already created Quobyte volume by name.
                                  type: string
                              required:
                              - registry
                              - volume
                              type: object
                            rbd:
                              description: 'rbd represents a Rados Block Device mount
                                on the host that shares a pod''s lifetime. More info:
                                https://examples.k8s.io/volumes/rbd/README.md'
                              properties:
                                fsType:
                                  description: 'fsType is the filesystem type of the
                                    volume that you want to mount. Tip: Ensure that
                                    the filesystem type is supported by the host operating
                                    system. Examples: "ext4", "xfs", "ntfs". Implicitly
                                    inferred to be "ext4" if unspecified. More info:
                                    https://kubernetes.io/docs/concepts/storage/volumes#rbd
                                    TODO: how do we prevent errors in the filesystem
                                    from compromising the machine'
                                  type: string
                                image:
                                  description: 'image is the rados image name. More
                                    info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
                                  type: string
                                keyring:
                                  description: 'keyring is the path to key ring for
                                    RBDUser. Default is /etc/ceph/keyring. More info:
                                    https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
                                  type: string
                                monitors:
                                  description: 'monitors is a collection of Ceph monitors.
                                    More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
                                  items:
                                    type: string
                                  type: array
                                pool:
                                  description: 'pool is the rados pool name. Default
                                    is rbd. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
                                  type: string
                                readOnly:
                                  description: 'readOnly here will force the ReadOnly
                                    setting in VolumeMounts. Defaults to false. More
                                    info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
                                  type: boolean
                                secretRef:
                                  description: 'secretRef is name of the authentication
                                    secret for RBDUser. If provided overrides keyring.
                                    Default is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
                                  properties:
                                    name:
                                      description: 'Name of the referent. More info:
                                        https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                        TODO: Add other useful fields. apiVersion,
                                        kind, uid?'
                                      type: string
                                  type: object
                                user:
                                  description: 'user is the rados user name. Default
                                    is admin. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
                                  type: string
                              required:
                              - image
                              - monitors
                              type: object
                            scaleIO:
                              description: scaleIO represents a ScaleIO persistent
                                volume attached and mounted on Kubernetes nodes.
                              properties:
                                fsType:
                                  description: fsType is the filesystem type to mount.
                                    Must be a filesystem type supported by the host
                                    operating system. Ex. "ext4", "xfs", "ntfs". Default
                                    is "xfs".
                                  type: string
                                gateway:
                                  description: gateway is the host address of the
                                    ScaleIO API Gateway.
                                  type: string
                                protectionDomain:
                                  description: protectionDomain is the name of the
                                    ScaleIO Protection Domain for the configured storage.
                                  type: string
                                readOnly:
                                  description: readOnly Defaults to false (read/write).
                                    ReadOnly here will force the ReadOnly setting
                                    in VolumeMounts.
                                  type: boolean
                                secretRef:
                                  description: secretRef references to the secret
                                    for ScaleIO user and other sensitive information.
                                    If this is not provided, Login operation will
                                    fail.
                                  properties:
                                    name:
                                      description: 'Name of the referent. More info:
                                        https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                        TODO: Add other useful fields. apiVersion,
                                        kind, uid?'
                                      type: string
                                  type: object
                                sslEnabled:
                                  description: sslEnabled Flag enable/disable SSL
                                    communication with Gateway, default false
                                  type: boolean
                                storageMode:
                                  description: storageMode indicates whether the storage
                                    for a volume should be ThickProvisioned or ThinProvisioned.
                                    Default is ThinProvisioned.
                                  type: string
                                storagePool:
                                  description: storagePool is the ScaleIO Storage
                                    Pool associated with the protection domain.
                                  type: string
                                system:
                                  description: system is the name of the storage system
                                    as configured in ScaleIO.
                                  type: string
                                volumeName:
                                  description: volumeName is the name of a volume
                                    already created in the ScaleIO system that is
                                    associated with this volume source.
                                  type: string
                              required:
                              - gateway
                              - secretRef
                              - system
                              type: object
                            secret:
                              description: 'secret represents a secret that should
                                populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret'
                              properties:
                                defaultMode:
                                  description: 'defaultMode is Optional: mode bits
                                    used to set permissions on created files by default.
                                    Must be an octal value between 0000 and 0777 or
                                    a decimal value between 0 and 511. YAML accepts
                                    both octal and decimal values, JSON requires decimal
                                    values for mode bits. Defaults to 0644. Directories
                                    within the path are not affected by this setting.
                                    This might be in conflict with other options that
                                    affect the file mode, like fsGroup, and the result
                                    can be other mode bits set.'
                                  format: int32
                                  type: integer
                                items:
                                  description: items If unspecified, each key-value
                                    pair in the Data field of the referenced Secret
                                    will be projected into the volume as a file whose
                                    name is the key and content is the value. If specified,
                                    the listed keys will be projected into the specified
                                    paths, and unlisted keys will not be present.
                                    If a key is specified which is not present in
                                    the Secret, the volume setup will error unless
                                    it is marked optional. Paths must be relative
                                    and may not contain the '..' path or start with
                                    '..'.
                                  items:
                                    description: Maps a string key to a path within
                                      a volume.
                                    properties:
                                      key:
                                        description: key is the key to project.
                                        type: string
                                      mode:
                                        description: 'mode is Optional: mode bits
                                          used to set permissions on this file. Must
                                          be an octal value between 0000 and 0777
                                          or a decimal value between 0 and 511. YAML
                                          accepts both octal and decimal values, JSON
                                          requires decimal values for mode bits. If
                                          not specified, the volume defaultMode will
                                          be used. This might be in conflict with
                                          other options that affect the file mode,
                                          like fsGroup, and the result can be other
                                          mode bits set.'
                                        format: int32
                                        type: integer
                                      path:
                                        description: path is the relative path of
                                          the file to map the key to. May not be an
                                          absolute path. May not contain the path
                                          element '..'. May not start with the string
                                          '..'.
                                        type: string
                                    required:
                                    - key
                                    - path
                                    type: object
                                  type: array
                                optional:
                                  description: optional field specify whether the
                                    Secret or its keys must be defined
                                  type: boolean
                                secretName:
                                  description: 'secretName is the name of the secret
                                    in the pod''s namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret'
                                  type: string
                              type: object
                            storageos:
                              description: storageOS represents a StorageOS volume
                                attached and mounted on Kubernetes nodes.
                              properties:
                                fsType:
                                  description: fsType is the filesystem type to mount.
                                    Must be a filesystem type supported by the host
                                    operating system. Ex. "ext4", "xfs", "ntfs". Implicitly
                                    inferred to be "ext4" if unspecified.
                                  type: string
                                readOnly:
                                  description: readOnly defaults to false (read/write).
                                    ReadOnly here will force the ReadOnly setting
                                    in VolumeMounts.
                                  type: boolean
                                secretRef:
                                  description: secretRef specifies the secret to use
                                    for obtaining the StorageOS API credentials.  If
                                    not specified, default values will be attempted.
                                  properties:
                                    name:
                                      description: 'Name of the referent. More info:
                                        https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                        TODO: Add other useful fields. apiVersion,
                                        kind, uid?'
                                      type: string
                                  type: object
                                volumeName:
                                  description: volumeName is the human-readable name
                                    of the StorageOS volume.  Volume names are only
                                    unique within a namespace.
                                  type: string
                                volumeNamespace:
                                  description: volumeNamespace specifies the scope
                                    of the volume within StorageOS.  If no namespace
                                    is specified then the Pod's namespace will be
                                    used.  This allows the Kubernetes name scoping
                                    to be mirrored within StorageOS for tighter integration.
                                    Set VolumeName to any name to override the default
                                    behaviour. Set to "default" if you are not using
                                    namespaces within StorageOS. Namespaces that do
                                    not pre-exist within StorageOS will be created.
                                  type: string
                              type: object
                            vsphereVolume:
                              description: vsphereVolume represents a vSphere volume
                                attached and mounted on kubelets host machine
                              properties:
                                fsType:
                                  description: fsType is filesystem type to mount.
                                    Must be a filesystem type supported by the host
                                    operating system. Ex. "ext4", "xfs", "ntfs". Implicitly
                                    inferred to be "ext4" if unspecified.
                                  type: string
                                storagePolicyID:
                                  description: storagePolicyID is the storage Policy
                                    Based Management (SPBM) profile ID associated
                                    with the StoragePolicyName.
                                  type: string
                                storagePolicyName:
                                  description: storagePolicyName is the storage Policy
                                    Based Management (SPBM) profile name.
                                  type: string
                                volumePath:
                                  description: volumePath is the path that identifies
                                    vSphere volume vmdk
                                  type: string
                              required:
                              - volumePath
                              type: object
                          required:
                          - name
                          type: object
                        type: array
                        x-kubernetes-list-type: atomic
                    type: object
                  resources:
                    description: Resources is a list of bindings specifying which
                      actual instances of PipelineResources to use for the resources
                      the Pipeline has declared it needs.
                    items:
                      description: PipelineResourceBinding connects a reference to
                        an instance of a PipelineResource with a PipelineResource
                        dependency that the Pipeline has declared
                      properties:
                        name:
                          description: Name is the name of the PipelineResource in
                            the Pipeline's declaration
                          type: string
                        resourceRef:
                          description: ResourceRef is a reference to the instance
                            of the actual PipelineResource that should be used
                          properties:
                            apiVersion:
                              description: API version of the referent
                              type: string
                            name:
                              description: 'Name of the referent; More info: http://kubernetes.io/docs/user-guide/identifiers#names'
                              type: string
                          type: object
                        resourceSpec:
                          description: ResourceSpec is specification of a resource
                            that should be created and consumed by the task
                          properties:
                            description:
                              description: Description is a user-facing description
                                of the resource that may be used to populate a UI.
                              type: string
                            params:
                              items:
                                description: ResourceParam declares a string value
                                  to use for the parameter called Name, and is used
                                  in the specific context of PipelineResources.
                                properties:
                                  name:
                                    type: string
                                  value:
                                    type: string
                                required:
                                - name
                                - value
                                type: object
                              type: array
                              x-kubernetes-list-type: atomic
                            secrets:
                              description: Secrets to fetch to populate some of resource
                                fields
                              items:
                                description: SecretParam indicates which secret can
                                  be used to populate a field of the resource
                                properties:
                                  fieldName:
                                    type: string
                                  secretKey:
                                    type: string
                                  secretName:
                                    type: string
                                required:
                                - fieldName
                                - secretKey
                                - secretName
                                type: object
                              type: array
                              x-kubernetes-list-type: atomic
                            type:
                              type: string
                          required:
                          - params
                          - type
                          type: object
                      type: object
                    type: array
                  serviceAccountName:
                    type: string
                  serviceAccountNames:
                    items:
                      description: PipelineRunSpecServiceAccountName can be used to
                        configure specific ServiceAccountName for a concrete Task
                      properties:
                        serviceAccountName:
                          type: string
                        taskName:
                          type: string
                      type: object
                    type: array
                  status:
                    description: Used for cancelling a pipelinerun (and maybe more
                      later on)
                    type: string
                  taskRunSpecs:
                    description: TaskRunSpecs holds a set of task specific specs
                    items:
                      description: PipelineTaskRunSpec holds task specific specs
                      properties:
                        pipelineTaskName:
                          type: string
                        taskPodTemplate:
                          description: Template holds pod specific configuration
                          properties:
                            affinity:
                              description: If specified, the pod's scheduling constraints
                              properties:
                                nodeAffinity:
                                  description: Describes node affinity scheduling
                                    rules for the pod.
                                  properties:
                                    preferredDuringSchedulingIgnoredDuringExecution:
                                      description: The scheduler will prefer to schedule
                                        pods to nodes that satisfy the affinity expressions
                                        specified by this field, but it may choose
                                        a node that violates one or more of the expressions.
                                        The node that is most preferred is the one
                                        with the greatest sum of weights, i.e. for
                                        each node that meets all of the scheduling
                                        requirements (resource request, requiredDuringScheduling
                                        affinity expressions, etc.), compute a sum
                                        by iterating through the elements of this
                                        field and adding "weight" to the sum if the
                                        node matches the corresponding matchExpressions;
                                        the node(s) with the highest sum are the most
                                        preferred.
                                      items:
                                        description: An empty preferred scheduling
                                          term matches all objects with implicit weight
                                          0 (i.e. it's a no-op). A null preferred
                                          scheduling term matches no objects (i.e.
                                          is also a no-op).
                                        properties:
                                          preference:
                                            description: A node selector term, associated
                                              with the corresponding weight.
                                            properties:
                                              matchExpressions:
                                                description: A list of node selector
                                                  requirements by node's labels.
                                                items:
                                                  description: A node selector requirement
                                                    is a selector that contains values,
                                                    a key, and an operator that relates
                                                    the key and values.
                                                  properties:
                                                    key:
                                                      description: The label key that
                                                        the selector applies to.
                                                      type: string
                                                    operator:
                                                      description: Represents a key's
                                                        relationship to a set of values.
                                                        Valid operators are In, NotIn,
                                                        Exists, DoesNotExist. Gt,
                                                        and Lt.
                                                      type: string
                                                    values:
                                                      description: An array of string
                                                        values. If the operator is
                                                        In or NotIn, the values array
                                                        must be non-empty. If the
                                                        operator is Exists or DoesNotExist,
                                                        the values array must be empty.
                                                        If the operator is Gt or Lt,
                                                        the values array must have
                                                        a single element, which will
                                                        be interpreted as an integer.
                                                        This array is replaced during
                                                        a strategic merge patch.
                                                      items:
                                                        type: string
                                                      type: array
                                                  required:
                                                  - key
                                                  - operator
                                                  type: object
                                                type: array
                                              matchFields:
                                                description: A list of node selector
                                                  requirements by node's fields.
                                                items:
                                                  description: A node selector requirement
                                                    is a selector that contains values,
                                                    a key, and an operator that relates
                                                    the key and values.
                                                  properties:
                                                    key:
                                                      description: The label key that
                                                        the selector applies to.
                                                      type: string
                                                    operator:
                                                      description: Represents a key's
                                                        relationship to a set of values.
                                                        Valid operators are In, NotIn,
                                                        Exists, DoesNotExist. Gt,
                                                        and Lt.
                                                      type: string
                                                    values:
                                                      description: An array of string
                                                        values. If the operator is
                                                        In or NotIn, the values array
                                                        must be non-empty. If the
                                                        operator is Exists or DoesNotExist,
                                                        the values array must be empty.
                                                        If the operator is Gt or Lt,
                                                        the values array must have
                                                        a single element, which will
                                                        be interpreted as an integer.
                                                        This array is replaced during
                                                        a strategic merge patch.
                                                      items:
                                                        type: string
                                                      type: array
                                                  required:
                                                  - key
                                                  - operator
                                                  type: object
                                                type: array
                                            type: object
                                          weight:
                                            description: Weight associated with matching
                                              the corresponding nodeSelectorTerm,
                                              in the range 1-100.
                                            format: int32
                                            type: integer
                                        required:
                                        - preference
                                        - weight
                                        type: object
                                      type: array
                                    requiredDuringSchedulingIgnoredDuringExecution:
                                      description: If the affinity requirements specified
                                        by this field are not met at scheduling time,
                                        the pod will not be scheduled onto the node.
                                        If the affinity requirements specified by
                                        this field cease to be met at some point during
                                        pod execution (e.g. due to an update), the
                                        system may or may not try to eventually evict
                                        the pod from its node.
                                      properties:
                                        nodeSelectorTerms:
                                          description: Required. A list of node selector
                                            terms. The terms are ORed.
                                          items:
                                            description: A null or empty node selector
                                              term matches no objects. The requirements
                                              of them are ANDed. The TopologySelectorTerm
                                              type implements a subset of the NodeSelectorTerm.
                                            properties:
                                              matchExpressions:
                                                description: A list of node selector
                                                  requirements by node's labels.
                                                items:
                                                  description: A node selector requirement
                                                    is a selector that contains values,
                                                    a key, and an operator that relates
                                                    the key and values.
                                                  properties:
                                                    key:
                                                      description: The label key that
                                                        the selector applies to.
                                                      type: string
                                                    operator:
                                                      description: Represents a key's
                                                        relationship to a set of values.
                                                        Valid operators are In, NotIn,
                                                        Exists, DoesNotExist. Gt,
                                                        and Lt.
                                                      type: string
                                                    values:
                                                      description: An array of string
                                                        values. If the operator is
                                                        In or NotIn, the values array
                                                        must be non-empty. If the
                                                        operator is Exists or DoesNotExist,
                                                        the values array must be empty.
                                                        If the operator is Gt or Lt,
                                                        the values array must have
                                                        a single element, which will
                                                        be interpreted as an integer.
                                                        This array is replaced during
                                                        a strategic merge patch.
                                                      items:
                                                        type: string
                                                      type: array
                                                  required:
                                                  - key
                                                  - operator
                                                  type: object
                                                type: array
                                              matchFields:
                                                description: A list of node selector
                                                  requirements by node's fields.
                                                items:
                                                  description: A node selector requirement
                                                    is a selector that contains values,
                                                    a key, and an operator that relates
                                                    the key and values.
                                                  properties:
                                                    key:
                                                      description: The label key that
                                                        the selector applies to.
                                                      type: string
                                                    operator:
                                                      description: Represents a key's
                                                        relationship to a set of values.
                                                        Valid operators are In, NotIn,
                                                        Exists, DoesNotExist. Gt,
                                                        and Lt.
                                                      type: string
                                                    values:
                                                      description: An array of string
                                                        values. If the operator is
                                                        In or NotIn, the values array
                                                        must be non-empty. If the
                                                        operator is Exists or DoesNotExist,
                                                        the values array must be empty.
                                                        If the operator is Gt or Lt,
                                                        the values array must have
                                                        a single element, which will
                                                        be interpreted as an integer.
                                                        This array is replaced during
                                                        a strategic merge patch.
                                                      items:
                                                        type: string
                                                      type: array
                                                  required:
                                                  - key
                                                  - operator
                                                  type: object
                                                type: array
                                            type: object
                                          type: array
                                      required:
                                      - nodeSelectorTerms
                                      type: object
                                  type: object
                                podAffinity:
                                  description: Describes pod affinity scheduling rules
                                    (e.g. co-locate this pod in the same node, zone,
                                    etc. as some other pod(s)).
                                  properties:
                                    preferredDuringSchedulingIgnoredDuringExecution:
                                      description: The scheduler will prefer to schedule
                                        pods to nodes that satisfy the affinity expressions
                                        specified by this field, but it may choose
                                        a node that violates one or more of the expressions.
                                        The node that is most preferred is the one
                                        with the greatest sum of weights, i.e. for
                                        each node that meets all of the scheduling
                                        requirements (resource request, requiredDuringScheduling
                                        affinity expressions, etc.), compute a sum
                                        by iterating through the elements of this
                                        field and adding "weight" to the sum if the
                                        node has pods which matches the corresponding
                                        podAffinityTerm; the node(s) with the highest
                                        sum are the most preferred.
                                      items:
                                        description: The weights of all of the matched
                                          WeightedPodAffinityTerm fields are added
                                          per-node to find the most preferred node(s)
                                        properties:
                                          podAffinityTerm:
                                            description: Required. A pod affinity
                                              term, associated with the corresponding
                                              weight.
                                            properties:
                                              labelSelector:
                                                description: A label query over a
                                                  set of resources, in this case pods.
                                                properties:
                                                  matchExpressions:
                                                    description: matchExpressions
                                                      is a list of label selector
                                                      requirements. The requirements
                                                      are ANDed.
                                                    items:
                                                      description: A label selector
                                                        requirement is a selector
                                                        that contains values, a key,
                                                        and an operator that relates
                                                        the key and values.
                                                      properties:
                                                        key:
                                                          description: key is the
                                                            label key that the selector
                                                            applies to.
                                                          type: string
                                                        operator:
                                                          description: operator represents
                                                            a key's relationship to
                                                            a set of values. Valid
                                                            operators are In, NotIn,
                                                            Exists and DoesNotExist.
                                                          type: string
                                                        values:
                                                          description: values is an
                                                            array of string values.
                                                            If the operator is In
                                                            or NotIn, the values array
                                                            must be non-empty. If
                                                            the operator is Exists
                                                            or DoesNotExist, the values
                                                            array must be empty. This
                                                            array is replaced during
                                                            a strategic merge patch.
                                                          items:
                                                            type: string
                                                          type: array
                                                      required:
                                                      - key
                                                      - operator
                                                      type: object
                                                    type: array
                                                  matchLabels:
                                                    additionalProperties:
                                                      type: string
                                                    description: matchLabels is a
                                                      map of {key,value} pairs. A
                                                      single {key,value} in the matchLabels
                                                      map is equivalent to an element
                                                      of matchExpressions, whose key
                                                      field is "key", the operator
                                                      is "In", and the values array
                                                      contains only "value". The requirements
                                                      are ANDed.
                                                    type: object
                                                type: object
                                              namespaceSelector:
                                                description: A label query over the
                                                  set of namespaces that the term
                                                  applies to. The term is applied
                                                  to the union of the namespaces selected
                                                  by this field and the ones listed
                                                  in the namespaces field. null selector
                                                  and null or empty namespaces list
                                                  means "this pod's namespace". An
                                                  empty selector ({}) matches all
                                                  namespaces.
                                                properties:
                                                  matchExpressions:
                                                    description: matchExpressions
                                                      is a list of label selector
                                                      requirements. The requirements
                                                      are ANDed.
                                                    items:
                                                      description: A label selector
                                                        requirement is a selector
                                                        that contains values, a key,
                                                        and an operator that relates
                                                        the key and values.
                                                      properties:
                                                        key:
                                                          description: key is the
                                                            label key that the selector
                                                            applies to.
                                                          type: string
                                                        operator:
                                                          description: operator represents
                                                            a key's relationship to
                                                            a set of values. Valid
                                                            operators are In, NotIn,
                                                            Exists and DoesNotExist.
                                                          type: string
                                                        values:
                                                          description: values is an
                                                            array of string values.
                                                            If the operator is In
                                                            or NotIn, the values array
                                                            must be non-empty. If
                                                            the operator is Exists
                                                            or DoesNotExist, the values
                                                            array must be empty. This
                                                            array is replaced during
                                                            a strategic merge patch.
                                                          items:
                                                            type: string
                                                          type: array
                                                      required:
                                                      - key
                                                      - operator
                                                      type: object
                                                    type: array
                                                  matchLabels:
                                                    additionalProperties:
                                                      type: string
                                                    description: matchLabels is a
                                                      map of {key,value} pairs. A
                                                      single {key,value} in the matchLabels
                                                      map is equivalent to an element
                                                      of matchExpressions, whose key
                                                      field is "key", the operator
                                                      is "In", and the values array
                                                      contains only "value". The requirements
                                                      are ANDed.
                                                    type: object
                                                type: object
                                              namespaces:
                                                description: namespaces specifies
                                                  a static list of namespace names
                                                  that the term applies to. The term
                                                  is applied to the union of the namespaces
                                                  listed in this field and the ones
                                                  selected by namespaceSelector. null
                                                  or empty namespaces list and null
                                                  namespaceSelector means "this pod's
                                                  namespace".
                                                items:
                                                  type: string
                                                type: array
                                              topologyKey:
                                                description: This pod should be co-located
                                                  (affinity) or not co-located (anti-affinity)
                                                  with the pods matching the labelSelector
                                                  in the specified namespaces, where
                                                  co-located is defined as running
                                                  on a node whose value of the label
                                                  with key topologyKey matches that
                                                  of any node on which any of the
                                                  selected pods is running. Empty
                                                  topologyKey is not allowed.
                                                type: string
                                            required:
                                            - topologyKey
                                            type: object
                                          weight:
                                            description: weight associated with matching
                                              the corresponding podAffinityTerm, in
                                              the range 1-100.
                                            format: int32
                                            type: integer
                                        required:
                                        - podAffinityTerm
                                        - weight
                                        type: object
                                      type: array
                                    requiredDuringSchedulingIgnoredDuringExecution:
                                      description: If the affinity requirements specified
                                        by this field are not met at scheduling time,
                                        the pod will not be scheduled onto the node.
                                        If the affinity requirements specified by
                                        this field cease to be met at some point during
                                        pod execution (e.g. due to a pod label update),
                                        the system may or may not try to eventually
                                        evict the pod from its node. When there are
                                        multiple elements, the lists of nodes corresponding
                                        to each podAffinityTerm are intersected, i.e.
                                        all terms must be satisfied.
                                      items:
                                        description: Defines a set of pods (namely
                                          those matching the labelSelector relative
                                          to the given namespace(s)) that this pod
                                          should be co-located (affinity) or not co-located
                                          (anti-affinity) with, where co-located is
                                          defined as running on a node whose value
                                          of the label with key <topologyKey> matches
                                          that of any node on which a pod of the set
                                          of pods is running
                                        properties:
                                          labelSelector:
                                            description: A label query over a set
                                              of resources, in this case pods.
                                            properties:
                                              matchExpressions:
                                                description: matchExpressions is a
                                                  list of label selector requirements.
                                                  The requirements are ANDed.
                                                items:
                                                  description: A label selector requirement
                                                    is a selector that contains values,
                                                    a key, and an operator that relates
                                                    the key and values.
                                                  properties:
                                                    key:
                                                      description: key is the label
                                                        key that the selector applies
                                                        to.
                                                      type: string
                                                    operator:
                                                      description: operator represents
                                                        a key's relationship to a
                                                        set of values. Valid operators
                                                        are In, NotIn, Exists and
                                                        DoesNotExist.
                                                      type: string
                                                    values:
                                                      description: values is an array
                                                        of string values. If the operator
                                                        is In or NotIn, the values
                                                        array must be non-empty. If
                                                        the operator is Exists or
                                                        DoesNotExist, the values array
                                                        must be empty. This array
                                                        is replaced during a strategic
                                                        merge patch.
                                                      items:
                                                        type: string
                                                      type: array
                                                  required:
                                                  - key
                                                  - operator
                                                  type: object
                                                type: array
                                              matchLabels:
                                                additionalProperties:
                                                  type: string
                                                description: matchLabels is a map
                                                  of {key,value} pairs. A single {key,value}
                                                  in the matchLabels map is equivalent
                                                  to an element of matchExpressions,
                                                  whose key field is "key", the operator
                                                  is "In", and the values array contains
                                                  only "value". The requirements are
                                                  ANDed.
                                                type: object
                                            type: object
                                          namespaceSelector:
                                            description: A label query over the set
                                              of namespaces that the term applies
                                              to. The term is applied to the union
                                              of the namespaces selected by this field
                                              and the ones listed in the namespaces
                                              field. null selector and null or empty
                                              namespaces list means "this pod's namespace".
                                              An empty selector ({}) matches all namespaces.
                                            properties:
                                              matchExpressions:
                                                description: matchExpressions is a
                                                  list of label selector requirements.
                                                  The requirements are ANDed.
                                                items:
                                                  description: A label selector requirement
                                                    is a selector that contains values,
                                                    a key, and an operator that relates
                                                    the key and values.
                                                  properties:
                                                    key:
                                                      description: key is the label
                                                        key that the selector applies
                                                        to.
                                                      type: string
                                                    operator:
                                                      description: operator represents
                                                        a key's relationship to a
                                                        set of values. Valid operators
                                                        are In, NotIn, Exists and
                                                        DoesNotExist.
                                                      type: string
                                                    values:
                                                      description: values is an array
                                                        of string values. If the operator
                                                        is In or NotIn, the values
                                                        array must be non-empty. If
                                                        the operator is Exists or
                                                        DoesNotExist, the values array
                                                        must be empty. This array
                                                        is replaced during a strategic
                                                        merge patch.
                                                      items:
                                                        type: string
                                                      type: array
                                                  required:
                                                  - key
                                                  - operator
                                                  type: object
                                                type: array
                                              matchLabels:
                                                additionalProperties:
                                                  type: string
                                                description: matchLabels is a map
                                                  of {key,value} pairs. A single {key,value}
                                                  in the matchLabels map is equivalent
                                                  to an element of matchExpressions,
                                                  whose key field is "key", the operator
                                                  is "In", and the values array contains
                                                  only "value". The requirements are
                                                  ANDed.
                                                type: object
                                            type: object
                                          namespaces:
                                            description: namespaces specifies a static
                                              list of namespace names that the term
                                              applies to. The term is applied to the
                                              union of the namespaces listed in this
                                              field and the ones selected by namespaceSelector.
                                              null or empty namespaces list and null
                                              namespaceSelector means "this pod's
                                              namespace".
                                            items:
                                              type: string
                                            type: array
                                          topologyKey:
                                            description: This pod should be co-located
                                              (affinity) or not co-located (anti-affinity)
                                              with the pods matching the labelSelector
                                              in the specified namespaces, where co-located
                                              is defined as running on a node whose
                                              value of the label with key topologyKey
                                              matches that of any node on which any
                                              of the selected pods is running. Empty
                                              topologyKey is not allowed.
                                            type: string
                                        required:
                                        - topologyKey
                                        type: object
                                      type: array
                                  type: object
                                podAntiAffinity:
                                  description: Describes pod anti-affinity scheduling
                                    rules (e.g. avoid putting this pod in the same
                                    node, zone, etc. as some other pod(s)).
                                  properties:
                                    preferredDuringSchedulingIgnoredDuringExecution:
                                      description: The scheduler will prefer to schedule
                                        pods to nodes that satisfy the anti-affinity
                                        expressions specified by this field, but it
                                        may choose a node that violates one or more
                                        of the expressions. The node that is most
                                        preferred is the one with the greatest sum
                                        of weights, i.e. for each node that meets
                                        all of the scheduling requirements (resource
                                        request, requiredDuringScheduling anti-affinity
                                        expressions, etc.), compute a sum by iterating
                                        through the elements of this field and adding
                                        "weight" to the sum if the node has pods which
                                        matches the corresponding podAffinityTerm;
                                        the node(s) with the highest sum are the most
                                        preferred.
                                      items:
                                        description: The weights of all of the matched
                                          WeightedPodAffinityTerm fields are added
                                          per-node to find the most preferred node(s)
                                        properties:
                                          podAffinityTerm:
                                            description: Required. A pod affinity
                                              term, associated with the corresponding
                                              weight.
                                            properties:
                                              labelSelector:
                                                description: A label query over a
                                                  set of resources, in this case pods.
                                                properties:
                                                  matchExpressions:
                                                    description: matchExpressions
                                                      is a list of label selector
                                                      requirements. The requirements
                                                      are ANDed.
                                                    items:
                                                      description: A label selector
                                                        requirement is a selector
                                                        that contains values, a key,
                                                        and an operator that relates
                                                        the key and values.
                                                      properties:
                                                        key:
                                                          description: key is the
                                                            label key that the selector
                                                            applies to.
                                                          type: string
                                                        operator:
                                                          description: operator represents
                                                            a key's relationship to
                                                            a set of values. Valid
                                                            operators are In, NotIn,
                                                            Exists and DoesNotExist.
                                                          type: string
                                                        values:
                                                          description: values is an
                                                            array of string values.
                                                            If the operator is In
                                                            or NotIn, the values array
                                                            must be non-empty. If
                                                            the operator is Exists
                                                            or DoesNotExist, the values
                                                            array must be empty. This
                                                            array is replaced during
                                                            a strategic merge patch.
                                                          items:
                                                            type: string
                                                          type: array
                                                      required:
                                                      - key
                                                      - operator
                                                      type: object
                                                    type: array
                                                  matchLabels:
                                                    additionalProperties:
                                                      type: string
                                                    description: matchLabels is a
                                                      map of {key,value} pairs. A
                                                      single {key,value} in the matchLabels
                                                      map is equivalent to an element
                                                      of matchExpressions, whose key
                                                      field is "key", the operator
                                                      is "In", and the values array
                                                      contains only "value". The requirements
                                                      are ANDed.
                                                    type: object
                                                type: object
                                              namespaceSelector:
                                                description: A label query over the
                                                  set of namespaces that the term
                                                  applies to. The term is applied
                                                  to the union of the namespaces selected
                                                  by this field and the ones listed
                                                  in the namespaces field. null selector
                                                  and null or empty namespaces list
                                                  means "this pod's namespace". An
                                                  empty selector ({}) matches all
                                                  namespaces.
                                                properties:
                                                  matchExpressions:
                                                    description: matchExpressions
                                                      is a list of label selector
                                                      requirements. The requirements
                                                      are ANDed.
                                                    items:
                                                      description: A label selector
                                                        requirement is a selector
                                                        that contains values, a key,
                                                        and an operator that relates
                                                        the key and values.
                                                      properties:
                                                        key:
                                                          description: key is the
                                                            label key that the selector
                                                            applies to.
                                                          type: string
                                                        operator:
                                                          description: operator represents
                                                            a key's relationship to
                                                            a set of values. Valid
                                                            operators are In, NotIn,
                                                            Exists and DoesNotExist.
                                                          type: string
                                                        values:
                                                          description: values is an
                                                            array of string values.
                                                            If the operator is In
                                                            or NotIn, the values array
                                                            must be non-empty. If
                                                            the operator is Exists
                                                            or DoesNotExist, the values
                                                            array must be empty. This
                                                            array is replaced during
                                                            a strategic merge patch.
                                                          items:
                                                            type: string
                                                          type: array
                                                      required:
                                                      - key
                                                      - operator
                                                      type: object
                                                    type: array
                                                  matchLabels:
                                                    additionalProperties:
                                                      type: string
                                                    description: matchLabels is a
                                                      map of {key,value} pairs. A
                                                      single {key,value} in the matchLabels
                                                      map is equivalent to an element
                                                      of matchExpressions, whose key
                                                      field is "key", the operator
                                                      is "In", and the values array
                                                      contains only "value". The requirements
                                                      are ANDed.
                                                    type: object
                                                type: object
                                              namespaces:
                                                description: namespaces specifies
                                                  a static list of namespace names
                                                  that the term applies to. The term
                                                  is applied to the union of the namespaces
                                                  listed in this field and the ones
                                                  selected by namespaceSelector. null
                                                  or empty namespaces list and null
                                                  namespaceSelector means "this pod's
                                                  namespace".
                                                items:
                                                  type: string
                                                type: array
                                              topologyKey:
                                                description: This pod should be co-located
                                                  (affinity) or not co-located (anti-affinity)
                                                  with the pods matching the labelSelector
                                                  in the specified namespaces, where
                                                  co-located is defined as running
                                                  on a node whose value of the label
                                                  with key topologyKey matches that
                                                  of any node on which any of the
                                                  selected pods is running. Empty
                                                  topologyKey is not allowed.
                                                type: string
                                            required:
                                            - topologyKey
                                            type: object
                                          weight:
                                            description: weight associated with matching
                                              the corresponding podAffinityTerm, in
                                              the range 1-100.
                                            format: int32
                                            type: integer
                                        required:
                                        - podAffinityTerm
                                        - weight
                                        type: object
                                      type: array
                                    requiredDuringSchedulingIgnoredDuringExecution:
                                      description: If the anti-affinity requirements
                                        specified by this field are not met at scheduling
                                        time, the pod will not be scheduled onto the
                                        node. If the anti-affinity requirements specified
                                        by this field cease to be met at some point
                                        during pod execution (e.g. due to a pod label
                                        update), the system may or may not try to
                                        eventually evict the pod from its node. When
                                        there are multiple elements, the lists of
                                        nodes corresponding to each podAffinityTerm
                                        are intersected, i.e. all terms must be satisfied.
                                      items:
                                        description: Defines a set of pods (namely
                                          those matching the labelSelector relative
                                          to the given namespace(s)) that this pod
                                          should be co-located (affinity) or not co-located
                                          (anti-affinity) with, where co-located is
                                          defined as running on a node whose value
                                          of the label with key <topologyKey> matches
                                          that of any node on which a pod of the set
                                          of pods is running
                                        properties:
                                          labelSelector:
                                            description: A label query over a set
                                              of resources, in this case pods.
                                            properties:
                                              matchExpressions:
                                                description: matchExpressions is a
                                                  list of label selector requirements.
                                                  The requirements are ANDed.
                                                items:
                                                  description: A label selector requirement
                                                    is a selector that contains values,
                                                    a key, and an operator that relates
                                                    the key and values.
                                                  properties:
                                                    key:
                                                      description: key is the label
                                                        key that the selector applies
                                                        to.
                                                      type: string
                                                    operator:
                                                      description: operator represents
                                                        a key's relationship to a
                                                        set of values. Valid operators
                                                        are In, NotIn, Exists and
                                                        DoesNotExist.
                                                      type: string
                                                    values:
                                                      description: values is an array
                                                        of string values. If the operator
                                                        is In or NotIn, the values
                                                        array must be non-empty. If
                                                        the operator is Exists or
                                                        DoesNotExist, the values array
                                                        must be empty. This array
                                                        is replaced during a strategic
                                                        merge patch.
                                                      items:
                                                        type: string
                                                      type: array
                                                  required:
                                                  - key
                                                  - operator
                                                  type: object
                                                type: array
                                              matchLabels:
                                                additionalProperties:
                                                  type: string
                                                description: matchLabels is a map
                                                  of {key,value} pairs. A single {key,value}
                                                  in the matchLabels map is equivalent
                                                  to an element of matchExpressions,
                                                  whose key field is "key", the operator
                                                  is "In", and the values array contains
                                                  only "value". The requirements are
                                                  ANDed.
                                                type: object
                                            type: object
                                          namespaceSelector:
                                            description: A label query over the set
                                              of namespaces that the term applies
                                              to. The term is applied to the union
                                              of the namespaces selected by this field
                                              and the ones listed in the namespaces
                                              field. null selector and null or empty
                                              namespaces list means "this pod's namespace".
                                              An empty selector ({}) matches all namespaces.
                                            properties:
                                              matchExpressions:
                                                description: matchExpressions is a
                                                  list of label selector requirements.
                                                  The requirements are ANDed.
                                                items:
                                                  description: A label selector requirement
                                                    is a selector that contains values,
                                                    a key, and an operator that relates
                                                    the key and values.
                                                  properties:
                                                    key:
                                                      description: key is the label
                                                        key that the selector applies
                                                        to.
                                                      type: string
                                                    operator:
                                                      description: operator represents
                                                        a key's relationship to a
                                                        set of values. Valid operators
                                                        are In, NotIn, Exists and
                                                        DoesNotExist.
                                                      type: string
                                                    values:
                                                      description: values is an array
                                                        of string values. If the operator
                                                        is In or NotIn, the values
                                                        array must be non-empty. If
                                                        the operator is Exists or
                                                        DoesNotExist, the values array
                                                        must be empty. This array
                                                        is replaced during a strategic
                                                        merge patch.
                                                      items:
                                                        type: string
                                                      type: array
                                                  required:
                                                  - key
                                                  - operator
                                                  type: object
                                                type: array
                                              matchLabels:
                                                additionalProperties:
                                                  type: string
                                                description: matchLabels is a map
                                                  of {key,value} pairs. A single {key,value}
                                                  in the matchLabels map is equivalent
                                                  to an element of matchExpressions,
                                                  whose key field is "key", the operator
                                                  is "In", and the values array contains
                                                  only "value". The requirements are
                                                  ANDed.
                                                type: object
                                            type: object
                                          namespaces:
                                            description: namespaces specifies a static
                                              list of namespace names that the term
                                              applies to. The term is applied to the
                                              union of the namespaces listed in this
                                              field and the ones selected by namespaceSelector.
                                              null or empty namespaces list and null
                                              namespaceSelector means "this pod's
                                              namespace".
                                            items:
                                              type: string
                                            type: array
                                          topologyKey:
                                            description: This pod should be co-located
                                              (affinity) or not co-located (anti-affinity)
                                              with the pods matching the labelSelector
                                              in the specified namespaces, where co-located
                                              is defined as running on a node whose
                                              value of the label with key topologyKey
                                              matches that of any node on which any
                                              of the selected pods is running. Empty
                                              topologyKey is not allowed.
                                            type: string
                                        required:
                                        - topologyKey
                                        type: object
                                      type: array
                                  type: object
                              type: object
                            automountServiceAccountToken:
                              description: AutomountServiceAccountToken indicates
                                whether pods running as this service account should
                                have an API token automatically mounted.
                              type: boolean
                            dnsConfig:
                              description: Specifies the DNS parameters of a pod.
                                Parameters specified here will be merged to the generated
                                DNS configuration based on DNSPolicy.
                              properties:
                                nameservers:
                                  description: A list of DNS name server IP addresses.
                                    This will be appended to the base nameservers
                                    generated from DNSPolicy. Duplicated nameservers
                                    will be removed.
                                  items:
                                    type: string
                                  type: array
                                options:
                                  description: A list of DNS resolver options. This
                                    will be merged with the base options generated
                                    from DNSPolicy. Duplicated entries will be removed.
                                    Resolution options given in Options will override
                                    those that appear in the base DNSPolicy.
                                  items:
                                    description: PodDNSConfigOption defines DNS resolver
                                      options of a pod.
                                    properties:
                                      name:
                                        description: Required.
                                        type: string
                                      value:
                                        type: string
                                    type: object
                                  type: array
                                searches:
                                  description: A list of DNS search domains for host-name
                                    lookup. This will be appended to the base search
                                    paths generated from DNSPolicy. Duplicated search
                                    paths will be removed.
                                  items:
                                    type: string
                                  type: array
                              type: object
                            dnsPolicy:
                              description: Set DNS policy for the pod. Defaults to
                                "ClusterFirst". Valid values are 'ClusterFirst', 'Default'
                                or 'None'. DNS parameters given in DNSConfig will
                                be merged with the policy selected with DNSPolicy.
                              type: string
                            enableServiceLinks:
                              description: 'EnableServiceLinks indicates whether information
                                about services should be injected into pod''s environment
                                variables, matching the syntax of Docker links. Optional:
                                Defaults to true.'
                              type: boolean
                            hostAliases:
                              description: HostAliases is an optional list of hosts
                                and IPs that will be injected into the pod's hosts
                                file if specified. This is only valid for non-hostNetwork
                                pods.
                              items:
                                description: HostAlias holds the mapping between IP
                                  and hostnames that will be injected as an entry
                                  in the pod's hosts file.
                                properties:
                                  hostnames:
                                    description: Hostnames for the above IP address.
                                    items:
                                      type: string
                                    type: array
                                  ip:
                                    description: IP address of the host file entry.
                                    type: string
                                type: object
                              type: array
                              x-kubernetes-list-type: atomic
                            hostNetwork:
                              description: HostNetwork specifies whether the pod may
                                use the node network namespace
                              type: boolean
                            imagePullSecrets:
                              description: ImagePullSecrets gives the name of the
                                secret used by the pod to pull the image if specified
                              items:
                                description: LocalObjectReference contains enough
                                  information to let you locate the referenced object
                                  inside the same namespace.
                                properties:
                                  name:
                                    description: 'Name of the referent. More info:
                                      https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                      TODO: Add other useful fields. apiVersion, kind,
                                      uid?'
                                    type: string
                                type: object
                              type: array
                              x-kubernetes-list-type: atomic
                            nodeSelector:
                              additionalProperties:
                                type: string
                              description: 'NodeSelector is a selector which must
                                be true for the pod to fit on a node. Selector which
                                must match a node''s labels for the pod to be scheduled
                                on that node. More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/'
                              type: object
                            priorityClassName:
                              description: If specified, indicates the pod's priority.
                                "system-node-critical" and "system-cluster-critical"
                                are two special keywords which indicate the highest
                                priorities with the former being the highest priority.
                                Any other name must be defined by creating a PriorityClass
                                object with that name. If not specified, the pod priority
                                will be default or zero if there is no default.
                              type: string
                            runtimeClassName:
                              description: 'RuntimeClassName refers to a RuntimeClass
                                object in the node.k8s.io group, which should be used
                                to run this pod. If no RuntimeClass resource matches
                                the named class, the pod will not be run. If unset
                                or empty, the "legacy" RuntimeClass will be used,
                                which is an implicit class with an empty definition
                                that uses the default runtime handler. More info:
                                https://git.k8s.io/enhancements/keps/sig-node/runtime-class.md
                                This is a beta feature as of Kubernetes v1.14.'
                              type: string
                            schedulerName:
                              description: SchedulerName specifies the scheduler to
                                be used to dispatch the Pod
                              type: string
                            securityContext:
                              description: 'SecurityContext holds pod-level security
                                attributes and common container settings. Optional:
                                Defaults to empty.  See type description for default
                                values of each field.'
                              properties:
                                fsGroup:
                                  description: "A special supplemental group that
                                    applies to all containers in a pod. Some volume
                                    types allow the Kubelet to change the ownership
                                    of that volume to be owned by the pod: \n 1. The
                                    owning GID will be the FSGroup 2. The setgid bit
                                    is set (new files created in the volume will be
                                    owned by FSGroup) 3. The permission bits are OR'd
                                    with rw-rw---- \n If unset, the Kubelet will not
                                    modify the ownership and permissions of any volume.
                                    Note that this field cannot be set when spec.os.name
                                    is windows."
                                  format: int64
                                  type: integer
                                fsGroupChangePolicy:
                                  description: 'fsGroupChangePolicy defines behavior
                                    of changing ownership and permission of the volume
                                    before being exposed inside Pod. This field will
                                    only apply to volume types which support fsGroup
                                    based ownership(and permissions). It will have
                                    no effect on ephemeral volume types such as: secret,
                                    configmaps and emptydir. Valid values are "OnRootMismatch"
                                    and "Always". If not specified, "Always" is used.
                                    Note that this field cannot be set when spec.os.name
                                    is windows.'
                                  type: string
                                runAsGroup:
                                  description: The GID to run the entrypoint of the
                                    container process. Uses runtime default if unset.
                                    May also be set in SecurityContext.  If set in
                                    both SecurityContext and PodSecurityContext, the
                                    value specified in SecurityContext takes precedence
                                    for that container. Note that this field cannot
                                    be set when spec.os.name is windows.
                                  format: int64
                                  type: integer
                                runAsNonRoot:
                                  description: Indicates that the container must run
                                    as a non-root user. If true, the Kubelet will
                                    validate the image at runtime to ensure that it
                                    does not run as UID 0 (root) and fail to start
                                    the container if it does. If unset or false, no
                                    such validation will be performed. May also be
                                    set in SecurityContext.  If set in both SecurityContext
                                    and PodSecurityContext, the value specified in
                                    SecurityContext takes precedence.
                                  type: boolean
                                runAsUser:
                                  description: The UID to run the entrypoint of the
                                    container process. Defaults to user specified
                                    in image metadata if unspecified. May also be
                                    set in SecurityContext.  If set in both SecurityContext
                                    and PodSecurityContext, the value specified in
                                    SecurityContext takes precedence for that container.
                                    Note that this field cannot be set when spec.os.name
                                    is windows.
                                  format: int64
                                  type: integer
                                seLinuxOptions:
                                  description: The SELinux context to be applied to
                                    all containers. If unspecified, the container
                                    runtime will allocate a random SELinux context
                                    for each container.  May also be set in SecurityContext.  If
                                    set in both SecurityContext and PodSecurityContext,
                                    the value specified in SecurityContext takes precedence
                                    for that container. Note that this field cannot
                                    be set when spec.os.name is windows.
                                  properties:
                                    level:
                                      description: Level is SELinux level label that
                                        applies to the container.
                                      type: string
                                    role:
                                      description: Role is a SELinux role label that
                                        applies to the container.
                                      type: string
                                    type:
                                      description: Type is a SELinux type label that
                                        applies to the container.
                                      type: string
                                    user:
                                      description: User is a SELinux user label that
                                        applies to the container.
                                      type: string
                                  type: object
                                seccompProfile:
                                  description: The seccomp options to use by the containers
                                    in this pod. Note that this field cannot be set
                                    when spec.os.name is windows.
                                  properties:
                                    localhostProfile:
                                      description: localhostProfile indicates a profile
                                        defined in a file on the node should be used.
                                        The profile must be preconfigured on the node
                                        to work. Must be a descending path, relative
                                        to the kubelet's configured seccomp profile
                                        location. Must only be set if type is "Localhost".
                                      type: string
                                    type:
                                      description: "type indicates which kind of seccomp
                                        profile will be applied. Valid options are:
                                        \n Localhost - a profile defined in a file
                                        on the node should be used. RuntimeDefault
                                        - the container runtime default profile should
                                        be used. Unconfined - no profile should be
                                        applied."
                                      type: string
                                  required:
                                  - type
                                  type: object
                                supplementalGroups:
                                  description: A list of groups applied to the first
                                    process run in each container, in addition to
                                    the container's primary GID.  If unspecified,
                                    no groups will be added to any container. Note
                                    that this field cannot be set when spec.os.name
                                    is windows.
                                  items:
                                    format: int64
                                    type: integer
                                  type: array
                                sysctls:
                                  description: Sysctls hold a list of namespaced sysctls
                                    used for the pod. Pods with unsupported sysctls
                                    (by the container runtime) might fail to launch.
                                    Note that this field cannot be set when spec.os.name
                                    is windows.
                                  items:
                                    description: Sysctl defines a kernel parameter
                                      to be set
                                    properties:
                                      name:
                                        description: Name of a property to set
                                        type: string
                                      value:
                                        description: Value of a property to set
                                        type: string
                                    required:
                                    - name
                                    - value
                                    type: object
                                  type: array
                                windowsOptions:
                                  description: The Windows specific settings applied
                                    to all containers. If unspecified, the options
                                    within a container's SecurityContext will be used.
                                    If set in both SecurityContext and PodSecurityContext,
                                    the value specified in SecurityContext takes precedence.
                                    Note that this field cannot be set when spec.os.name
                                    is linux.
                                  properties:
                                    gmsaCredentialSpec:
                                      description: GMSACredentialSpec is where the
                                        GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa)
                                        inlines the contents of the GMSA credential
                                        spec named by the GMSACredentialSpecName field.
                                      type: string
                                    gmsaCredentialSpecName:
                                      description: GMSACredentialSpecName is the name
                                        of the GMSA credential spec to use.
                                      type: string
                                    hostProcess:
                                      description: HostProcess determines if a container
                                        should be run as a 'Host Process' container.
                                        This field is alpha-level and will only be
                                        honored by components that enable the WindowsHostProcessContainers
                                        feature flag. Setting this field without the
                                        feature flag will result in errors when validating
                                        the Pod. All of a Pod's containers must have
                                        the same effective HostProcess value (it is
                                        not allowed to have a mix of HostProcess containers
                                        and non-HostProcess containers).  In addition,
                                        if HostProcess is true then HostNetwork must
                                        also be set to true.
                                      type: boolean
                                    runAsUserName:
                                      description: The UserName in Windows to run
                                        the entrypoint of the container process. Defaults
                                        to the user specified in image metadata if
                                        unspecified. May also be set in PodSecurityContext.
                                        If set in both SecurityContext and PodSecurityContext,
                                        the value specified in SecurityContext takes
                                        precedence.
                                      type: string
                                  type: object
                              type: object
                            tolerations:
                              description: If specified, the pod's tolerations.
                              items:
                                description: The pod this Toleration is attached to
                                  tolerates any taint that matches the triple <key,value,effect>
                                  using the matching operator <operator>.
                                properties:
                                  effect:
                                    description: Effect indicates the taint effect
                                      to match. Empty means match all taint effects.
                                      When specified, allowed values are NoSchedule,
                                      PreferNoSchedule and NoExecute.
                                    type: string
                                  key:
                                    description: Key is the taint key that the toleration
                                      applies to. Empty means match all taint keys.
                                      If the key is empty, operator must be Exists;
                                      this combination means to match all values and
                                      all keys.
                                    type: string
                                  operator:
                                    description: Operator represents a key's relationship
                                      to the value. Valid operators are Exists and
                                      Equal. Defaults to Equal. Exists is equivalent
                                      to wildcard for value, so that a pod can tolerate
                                      all taints of a particular category.
                                    type: string
                                  tolerationSeconds:
                                    description: TolerationSeconds represents the
                                      period of time the toleration (which must be
                                      of effect NoExecute, otherwise this field is
                                      ignored) tolerates the taint. By default, it
                                      is not set, which means tolerate the taint forever
                                      (do not evict). Zero and negative values will
                                      be treated as 0 (evict immediately) by the system.
                                    format: int64
                                    type: integer
                                  value:
                                    description: Value is the taint value the toleration
                                      matches to. If the operator is Exists, the value
                                      should be empty, otherwise just a regular string.
                                    type: string
                                type: object
                              type: array
                              x-kubernetes-list-type: atomic
                            volumes:
                              description: 'List of volumes that can be mounted by
                                containers belonging to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes'
                              items:
                                description: Volume represents a named volume in a
                                  pod that may be accessed by any container in the
                                  pod.
                                properties:
                                  awsElasticBlockStore:
                                    description: 'awsElasticBlockStore represents
                                      an AWS Disk resource that is attached to a kubelet''s
                                      host machine and then exposed to the pod. More
                                      info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore'
                                    properties:
                                      fsType:
                                        description: 'fsType is the filesystem type
                                          of the volume that you want to mount. Tip:
                                          Ensure that the filesystem type is supported
                                          by the host operating system. Examples:
                                          "ext4", "xfs", "ntfs". Implicitly inferred
                                          to be "ext4" if unspecified. More info:
                                          https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
                                          TODO: how do we prevent errors in the filesystem
                                          from compromising the machine'
                                        type: string
                                      partition:
                                        description: 'partition is the partition in
                                          the volume that you want to mount. If omitted,
                                          the default is to mount by volume name.
                                          Examples: For volume /dev/sda1, you specify
                                          the partition as "1". Similarly, the volume
                                          partition for /dev/sda is "0" (or you can
                                          leave the property empty).'
                                        format: int32
                                        type: integer
                                      readOnly:
                                        description: 'readOnly value true will force
                                          the readOnly setting in VolumeMounts. More
                                          info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore'
                                        type: boolean
                                      volumeID:
                                        description: 'volumeID is unique ID of the
                                          persistent disk resource in AWS (Amazon
                                          EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore'
                                        type: string
                                    required:
                                    - volumeID
                                    type: object
                                  azureDisk:
                                    description: azureDisk represents an Azure Data
                                      Disk mount on the host and bind mount to the
                                      pod.
                                    properties:
                                      cachingMode:
                                        description: 'cachingMode is the Host Caching
                                          mode: None, Read Only, Read Write.'
                                        type: string
                                      diskName:
                                        description: diskName is the Name of the data
                                          disk in the blob storage
                                        type: string
                                      diskURI:
                                        description: diskURI is the URI of data disk
                                          in the blob storage
                                        type: string
                                      fsType:
                                        description: fsType is Filesystem type to
                                          mount. Must be a filesystem type supported
                                          by the host operating system. Ex. "ext4",
                                          "xfs", "ntfs". Implicitly inferred to be
                                          "ext4" if unspecified.
                                        type: string
                                      kind:
                                        description: 'kind expected values are Shared:
                                          multiple blob disks per storage account  Dedicated:
                                          single blob disk per storage account  Managed:
                                          azure managed data disk (only in managed
                                          availability set). defaults to shared'
                                        type: string
                                      readOnly:
                                        description: readOnly Defaults to false (read/write).
                                          ReadOnly here will force the ReadOnly setting
                                          in VolumeMounts.
                                        type: boolean
                                    required:
                                    - diskName
                                    - diskURI
                                    type: object
                                  azureFile:
                                    description: azureFile represents an Azure File
                                      Service mount on the host and bind mount to
                                      the pod.
                                    properties:
                                      readOnly:
                                        description: readOnly defaults to false (read/write).
                                          ReadOnly here will force the ReadOnly setting
                                          in VolumeMounts.
                                        type: boolean
                                      secretName:
                                        description: secretName is the  name of secret
                                          that contains Azure Storage Account Name
                                          and Key
                                        type: string
                                      shareName:
                                        description: shareName is the azure share
                                          Name
                                        type: string
                                    required:
                                    - secretName
                                    - shareName
                                    type: object
                                  cephfs:
                                    description: cephFS represents a Ceph FS mount
                                      on the host that shares a pod's lifetime
                                    properties:
                                      monitors:
                                        description: 'monitors is Required: Monitors
                                          is a collection of Ceph monitors More info:
                                          https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
                                        items:
                                          type: string
                                        type: array
                                      path:
                                        description: 'path is Optional: Used as the
                                          mounted root, rather than the full Ceph
                                          tree, default is /'
                                        type: string
                                      readOnly:
                                        description: 'readOnly is Optional: Defaults
                                          to false (read/write). ReadOnly here will
                                          force the ReadOnly setting in VolumeMounts.
                                          More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
                                        type: boolean
                                      secretFile:
                                        description: 'secretFile is Optional: SecretFile
                                          is the path to key ring for User, default
                                          is /etc/ceph/user.secret More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
                                        type: string
                                      secretRef:
                                        description: 'secretRef is Optional: SecretRef
                                          is reference to the authentication secret
                                          for User, default is empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
                                        properties:
                                          name:
                                            description: 'Name of the referent. More
                                              info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                              TODO: Add other useful fields. apiVersion,
                                              kind, uid?'
                                            type: string
                                        type: object
                                      user:
                                        description: 'user is optional: User is the
                                          rados user name, default is admin More info:
                                          https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
                                        type: string
                                    required:
                                    - monitors
                                    type: object
                                  cinder:
                                    description: 'cinder represents a cinder volume
                                      attached and mounted on kubelets host machine.
                                      More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
                                    properties:
                                      fsType:
                                        description: 'fsType is the filesystem type
                                          to mount. Must be a filesystem type supported
                                          by the host operating system. Examples:
                                          "ext4", "xfs", "ntfs". Implicitly inferred
                                          to be "ext4" if unspecified. More info:
                                          https://examples.k8s.io/mysql-cinder-pd/README.md'
                                        type: string
                                      readOnly:
                                        description: 'readOnly defaults to false (read/write).
                                          ReadOnly here will force the ReadOnly setting
                                          in VolumeMounts. More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
                                        type: boolean
                                      secretRef:
                                        description: 'secretRef is optional: points
                                          to a secret object containing parameters
                                          used to connect to OpenStack.'
                                        properties:
                                          name:
                                            description: 'Name of the referent. More
                                              info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                              TODO: Add other useful fields. apiVersion,
                                              kind, uid?'
                                            type: string
                                        type: object
                                      volumeID:
                                        description: 'volumeID used to identify the
                                          volume in cinder. More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
                                        type: string
                                    required:
                                    - volumeID
                                    type: object
                                  configMap:
                                    description: configMap represents a configMap
                                      that should populate this volume
                                    properties:
                                      defaultMode:
                                        description: 'defaultMode is optional: mode
                                          bits used to set permissions on created
                                          files by default. Must be an octal value
                                          between 0000 and 0777 or a decimal value
                                          between 0 and 511. YAML accepts both octal
                                          and decimal values, JSON requires decimal
                                          values for mode bits. Defaults to 0644.
                                          Directories within the path are not affected
                                          by this setting. This might be in conflict
                                          with other options that affect the file
                                          mode, like fsGroup, and the result can be
                                          other mode bits set.'
                                        format: int32
                                        type: integer
                                      items:
                                        description: items if unspecified, each key-value
                                          pair in the Data field of the referenced
                                          ConfigMap will be projected into the volume
                                          as a file whose name is the key and content
                                          is the value. If specified, the listed keys
                                          will be projected into the specified paths,
                                          and unlisted keys will not be present. If
                                          a key is specified which is not present
                                          in the ConfigMap, the volume setup will
                                          error unless it is marked optional. Paths
                                          must be relative and may not contain the
                                          '..' path or start with '..'.
                                        items:
                                          description: Maps a string key to a path
                                            within a volume.
                                          properties:
                                            key:
                                              description: key is the key to project.
                                              type: string
                                            mode:
                                              description: 'mode is Optional: mode
                                                bits used to set permissions on this
                                                file. Must be an octal value between
                                                0000 and 0777 or a decimal value between
                                                0 and 511. YAML accepts both octal
                                                and decimal values, JSON requires
                                                decimal values for mode bits. If not
                                                specified, the volume defaultMode
                                                will be used. This might be in conflict
                                                with other options that affect the
                                                file mode, like fsGroup, and the result
                                                can be other mode bits set.'
                                              format: int32
                                              type: integer
                                            path:
                                              description: path is the relative path
                                                of the file to map the key to. May
                                                not be an absolute path. May not contain
                                                the path element '..'. May not start
                                                with the string '..'.
                                              type: string
                                          required:
                                          - key
                                          - path
                                          type: object
                                        type: array
                                      name:
                                        description: 'Name of the referent. More info:
                                          https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                          TODO: Add other useful fields. apiVersion,
                                          kind, uid?'
                                        type: string
                                      optional:
                                        description: optional specify whether the
                                          ConfigMap or its keys must be defined
                                        type: boolean
                                    type: object
                                  csi:
                                    description: csi (Container Storage Interface)
                                      represents ephemeral storage that is handled
                                      by certain external CSI drivers (Beta feature).
                                    properties:
                                      driver:
                                        description: driver is the name of the CSI
                                          driver that handles this volume. Consult
                                          with your admin for the correct name as
                                          registered in the cluster.
                                        type: string
                                      fsType:
                                        description: fsType to mount. Ex. "ext4",
                                          "xfs", "ntfs". If not provided, the empty
                                          value is passed to the associated CSI driver
                                          which will determine the default filesystem
                                          to apply.
                                        type: string
                                      nodePublishSecretRef:
                                        description: nodePublishSecretRef is a reference
                                          to the secret object containing sensitive
                                          information to pass to the CSI driver to
                                          complete the CSI NodePublishVolume and NodeUnpublishVolume
                                          calls. This field is optional, and  may
                                          be empty if no secret is required. If the
                                          secret object contains more than one secret,
                                          all secret references are passed.
                                        properties:
                                          name:
                                            description: 'Name of the referent. More
                                              info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                              TODO: Add other useful fields. apiVersion,
                                              kind, uid?'
                                            type: string
                                        type: object
                                      readOnly:
                                        description: readOnly specifies a read-only
                                          configuration for the volume. Defaults to
                                          false (read/write).
                                        type: boolean
                                      volumeAttributes:
                                        additionalProperties:
                                          type: string
                                        description: volumeAttributes stores driver-specific
                                          properties that are passed to the CSI driver.
                                          Consult your driver's documentation for
                                          supported values.
                                        type: object
                                    required:
                                    - driver
                                    type: object
                                  downwardAPI:
                                    description: downwardAPI represents downward API
                                      about the pod that should populate this volume
                                    properties:
                                      defaultMode:
                                        description: 'Optional: mode bits to use on
                                          created files by default. Must be a Optional:
                                          mode bits used to set permissions on created
                                          files by default. Must be an octal value
                                          between 0000 and 0777 or a decimal value
                                          between 0 and 511. YAML accepts both octal
                                          and decimal values, JSON requires decimal
                                          values for mode bits. Defaults to 0644.
                                          Directories within the path are not affected
                                          by this setting. This might be in conflict
                                          with other options that affect the file
                                          mode, like fsGroup, and the result can be
                                          other mode bits set.'
                                        format: int32
                                        type: integer
                                      items:
                                        description: Items is a list of downward API
                                          volume file
                                        items:
                                          description: DownwardAPIVolumeFile represents
                                            information to create the file containing
                                            the pod field
                                          properties:
                                            fieldRef:
                                              description: 'Required: Selects a field
                                                of the pod: only annotations, labels,
                                                name and namespace are supported.'
                                              properties:
                                                apiVersion:
                                                  description: Version of the schema
                                                    the FieldPath is written in terms
                                                    of, defaults to "v1".
                                                  type: string
                                                fieldPath:
                                                  description: Path of the field to
                                                    select in the specified API version.
                                                  type: string
                                              required:
                                              - fieldPath
                                              type: object
                                            mode:
                                              description: 'Optional: mode bits used
                                                to set permissions on this file, must
                                                be an octal value between 0000 and
                                                0777 or a decimal value between 0
                                                and 511. YAML accepts both octal and
                                                decimal values, JSON requires decimal
                                                values for mode bits. If not specified,
                                                the volume defaultMode will be used.
                                                This might be in conflict with other
                                                options that affect the file mode,
                                                like fsGroup, and the result can be
                                                other mode bits set.'
                                              format: int32
                                              type: integer
                                            path:
                                              description: 'Required: Path is  the
                                                relative path name of the file to
                                                be created. Must not be absolute or
                                                contain the ''..'' path. Must be utf-8
                                                encoded. The first item of the relative
                                                path must not start with ''..'''
                                              type: string
                                            resourceFieldRef:
                                              description: 'Selects a resource of
                                                the container: only resources limits
                                                and requests (limits.cpu, limits.memory,
                                                requests.cpu and requests.memory)
                                                are currently supported.'
                                              properties:
                                                containerName:
                                                  description: 'Container name: required
                                                    for volumes, optional for env
                                                    vars'
                                                  type: string
                                                divisor:
                                                  anyOf:
                                                  - type: integer
                                                  - type: string
                                                  description: Specifies the output
                                                    format of the exposed resources,
                                                    defaults to "1"
                                                  pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                                                  x-kubernetes-int-or-string: true
                                                resource:
                                                  description: 'Required: resource
                                                    to select'
                                                  type: string
                                              required:
                                              - resource
                                              type: object
                                          required:
                                          - path
                                          type: object
                                        type: array
                                    type: object
                                  emptyDir:
                                    description: 'emptyDir represents a temporary
                                      directory that shares a pod''s lifetime. More
                                      info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir'
                                    properties:
                                      medium:
                                        description: 'medium represents what type
                                          of storage medium should back this directory.
                                          The default is "" which means to use the
                                          node''s default medium. Must be an empty
                                          string (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir'
                                        type: string
                                      sizeLimit:
                                        anyOf:
                                        - type: integer
                                        - type: string
                                        description: 'sizeLimit is the total amount
                                          of local storage required for this EmptyDir
                                          volume. The size limit is also applicable
                                          for memory medium. The maximum usage on
                                          memory medium EmptyDir would be the minimum
                                          value between the SizeLimit specified here
                                          and the sum of memory limits of all containers
                                          in a pod. The default is nil which means
                                          that the limit is undefined. More info:
                                          http://kubernetes.io/docs/user-guide/volumes#emptydir'
                                        pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                                        x-kubernetes-int-or-string: true
                                    type: object
                                  ephemeral:
                                    description: "ephemeral represents a volume that
                                      is handled by a cluster storage driver. The
                                      volume's lifecycle is tied to the pod that defines
                                      it - it will be created before the pod starts,
                                      and deleted when the pod is removed. \n Use
                                      this if: a) the volume is only needed while
                                      the pod runs, b) features of normal volumes
                                      like restoring from snapshot or capacity    tracking
                                      are needed, c) the storage driver is specified
                                      through a storage class, and d) the storage
                                      driver supports dynamic volume provisioning
                                      through    a PersistentVolumeClaim (see EphemeralVolumeSource
                                      for more    information on the connection between
                                      this volume type    and PersistentVolumeClaim).
                                      \n Use PersistentVolumeClaim or one of the vendor-specific
                                      APIs for volumes that persist for longer than
                                      the lifecycle of an individual pod. \n Use CSI
                                      for light-weight local ephemeral volumes if
                                      the CSI driver is meant to be used that way
                                      - see the documentation of the driver for more
                                      information. \n A pod can use both types of
                                      ephemeral volumes and persistent volumes at
                                      the same time."
                                    properties:
                                      volumeClaimTemplate:
                                        description: "Will be used to create a stand-alone
                                          PVC to provision the volume. The pod in
                                          which this EphemeralVolumeSource is embedded
                                          will be the owner of the PVC, i.e. the PVC
                                          will be deleted together with the pod.  The
                                          name of the PVC will be `<pod name>-<volume
                                          name>` where `<volume name>` is the name
                                          from the `PodSpec.Volumes` array entry.
                                          Pod validation will reject the pod if the
                                          concatenated name is not valid for a PVC
                                          (for example, too long). \n An existing
                                          PVC with that name that is not owned by
                                          the pod will *not* be used for the pod to
                                          avoid using an unrelated volume by mistake.
                                          Starting the pod is then blocked until the
                                          unrelated PVC is removed. If such a pre-created
                                          PVC is meant to be used by the pod, the
                                          PVC has to updated with an owner reference
                                          to the pod once the pod exists. Normally
                                          this should not be necessary, but it may
                                          be useful when manually reconstructing a
                                          broken cluster. \n This field is read-only
                                          and no changes will be made by Kubernetes
                                          to the PVC after it has been created. \n
                                          Required, must not be nil."
                                        properties:
                                          metadata:
                                            description: May contain labels and annotations
                                              that will be copied into the PVC when
                                              creating it. No other fields are allowed
                                              and will be rejected during validation.
                                            type: object
                                          spec:
                                            description: The specification for the
                                              PersistentVolumeClaim. The entire content
                                              is copied unchanged into the PVC that
                                              gets created from this template. The
                                              same fields as in a PersistentVolumeClaim
                                              are also valid here.
                                            properties:
                                              accessModes:
                                                description: 'accessModes contains
                                                  the desired access modes the volume
                                                  should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1'
                                                items:
                                                  type: string
                                                type: array
                                              dataSource:
                                                description: 'dataSource field can
                                                  be used to specify either: * An
                                                  existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot)
                                                  * An existing PVC (PersistentVolumeClaim)
                                                  If the provisioner or an external
                                                  controller can support the specified
                                                  data source, it will create a new
                                                  volume based on the contents of
                                                  the specified data source. If the
                                                  AnyVolumeDataSource feature gate
                                                  is enabled, this field will always
                                                  have the same contents as the DataSourceRef
                                                  field.'
                                                properties:
                                                  apiGroup:
                                                    description: APIGroup is the group
                                                      for the resource being referenced.
                                                      If APIGroup is not specified,
                                                      the specified Kind must be in
                                                      the core API group. For any
                                                      other third-party types, APIGroup
                                                      is required.
                                                    type: string
                                                  kind:
                                                    description: Kind is the type
                                                      of resource being referenced
                                                    type: string
                                                  name:
                                                    description: Name is the name
                                                      of resource being referenced
                                                    type: string
                                                required:
                                                - kind
                                                - name
                                                type: object
                                              dataSourceRef:
                                                description: 'dataSourceRef specifies
                                                  the object from which to populate
                                                  the volume with data, if a non-empty
                                                  volume is desired. This may be any
                                                  local object from a non-empty API
                                                  group (non core object) or a PersistentVolumeClaim
                                                  object. When this field is specified,
                                                  volume binding will only succeed
                                                  if the type of the specified object
                                                  matches some installed volume populator
                                                  or dynamic provisioner. This field
                                                  will replace the functionality of
                                                  the DataSource field and as such
                                                  if both fields are non-empty, they
                                                  must have the same value. For backwards
                                                  compatibility, both fields (DataSource
                                                  and DataSourceRef) will be set to
                                                  the same value automatically if
                                                  one of them is empty and the other
                                                  is non-empty. There are two important
                                                  differences between DataSource and
                                                  DataSourceRef: * While DataSource
                                                  only allows two specific types of
                                                  objects, DataSourceRef   allows
                                                  any non-core object, as well as
                                                  PersistentVolumeClaim objects. *
                                                  While DataSource ignores disallowed
                                                  values (dropping them), DataSourceRef   preserves
                                                  all values, and generates an error
                                                  if a disallowed value is   specified.
                                                  (Beta) Using this field requires
                                                  the AnyVolumeDataSource feature
                                                  gate to be enabled.'
                                                properties:
                                                  apiGroup:
                                                    description: APIGroup is the group
                                                      for the resource being referenced.
                                                      If APIGroup is not specified,
                                                      the specified Kind must be in
                                                      the core API group. For any
                                                      other third-party types, APIGroup
                                                      is required.
                                                    type: string
                                                  kind:
                                                    description: Kind is the type
                                                      of resource being referenced
                                                    type: string
                                                  name:
                                                    description: Name is the name
                                                      of resource being referenced
                                                    type: string
                                                required:
                                                - kind
                                                - name
                                                type: object
                                              resources:
                                                description: 'resources represents
                                                  the minimum resources the volume
                                                  should have. If RecoverVolumeExpansionFailure
                                                  feature is enabled users are allowed
                                                  to specify resource requirements
                                                  that are lower than previous value
                                                  but must still be higher than capacity
                                                  recorded in the status field of
                                                  the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources'
                                                properties:
                                                  limits:
                                                    additionalProperties:
                                                      anyOf:
                                                      - type: integer
                                                      - type: string
                                                      pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                                                      x-kubernetes-int-or-string: true
                                                    description: 'Limits describes
                                                      the maximum amount of compute
                                                      resources allowed. More info:
                                                      https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
                                                    type: object
                                                  requests:
                                                    additionalProperties:
                                                      anyOf:
                                                      - type: integer
                                                      - type: string
                                                      pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                                                      x-kubernetes-int-or-string: true
                                                    description: 'Requests describes
                                                      the minimum amount of compute
                                                      resources required. If Requests
                                                      is omitted for a container,
                                                      it defaults to Limits if that
                                                      is explicitly specified, otherwise
                                                      to an implementation-defined
                                                      value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
                                                    type: object
                                                type: object
                                              selector:
                                                description: selector is a label query
                                                  over volumes to consider for binding.
                                                properties:
                                                  matchExpressions:
                                                    description: matchExpressions
                                                      is a list of label selector
                                                      requirements. The requirements
                                                      are ANDed.
                                                    items:
                                                      description: A label selector
                                                        requirement is a selector
                                                        that contains values, a key,
                                                        and an operator that relates
                                                        the key and values.
                                                      properties:
                                                        key:
                                                          description: key is the
                                                            label key that the selector
                                                            applies to.
                                                          type: string
                                                        operator:
                                                          description: operator represents
                                                            a key's relationship to
                                                            a set of values. Valid
                                                            operators are In, NotIn,
                                                            Exists and DoesNotExist.
                                                          type: string
                                                        values:
                                                          description: values is an
                                                            array of string values.
                                                            If the operator is In
                                                            or NotIn, the values array
                                                            must be non-empty. If
                                                            the operator is Exists
                                                            or DoesNotExist, the values
                                                            array must be empty. This
                                                            array is replaced during
                                                            a strategic merge patch.
                                                          items:
                                                            type: string
                                                          type: array
                                                      required:
                                                      - key
                                                      - operator
                                                      type: object
                                                    type: array
                                                  matchLabels:
                                                    additionalProperties:
                                                      type: string
                                                    description: matchLabels is a
                                                      map of {key,value} pairs. A
                                                      single {key,value} in the matchLabels
                                                      map is equivalent to an element
                                                      of matchExpressions, whose key
                                                      field is "key", the operator
                                                      is "In", and the values array
                                                      contains only "value". The requirements
                                                      are ANDed.
                                                    type: object
                                                type: object
                                              storageClassName:
                                                description: 'storageClassName is
                                                  the name of the StorageClass required
                                                  by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1'
                                                type: string
                                              volumeMode:
                                                description: volumeMode defines what
                                                  type of volume is required by the
                                                  claim. Value of Filesystem is implied
                                                  when not included in claim spec.
                                                type: string
                                              volumeName:
                                                description: volumeName is the binding
                                                  reference to the PersistentVolume
                                                  backing this claim.
                                                type: string
                                            type: object
                                        required:
                                        - spec
                                        type: object
                                    type: object
                                  fc:
                                    description: fc represents a Fibre Channel resource
                                      that is attached to a kubelet's host machine
                                      and then exposed to the pod.
                                    properties:
                                      fsType:
                                        description: 'fsType is the filesystem type
                                          to mount. Must be a filesystem type supported
                                          by the host operating system. Ex. "ext4",
                                          "xfs", "ntfs". Implicitly inferred to be
                                          "ext4" if unspecified. TODO: how do we prevent
                                          errors in the filesystem from compromising
                                          the machine'
                                        type: string
                                      lun:
                                        description: 'lun is Optional: FC target lun
                                          number'
                                        format: int32
                                        type: integer
                                      readOnly:
                                        description: 'readOnly is Optional: Defaults
                                          to false (read/write). ReadOnly here will
                                          force the ReadOnly setting in VolumeMounts.'
                                        type: boolean
                                      targetWWNs:
                                        description: 'targetWWNs is Optional: FC target
                                          worldwide names (WWNs)'
                                        items:
                                          type: string
                                        type: array
                                      wwids:
                                        description: 'wwids Optional: FC volume world
                                          wide identifiers (wwids) Either wwids or
                                          combination of targetWWNs and lun must be
                                          set, but not both simultaneously.'
                                        items:
                                          type: string
                                        type: array
                                    type: object
                                  flexVolume:
                                    description: flexVolume represents a generic volume
                                      resource that is provisioned/attached using
                                      an exec based plugin.
                                    properties:
                                      driver:
                                        description: driver is the name of the driver
                                          to use for this volume.
                                        type: string
                                      fsType:
                                        description: fsType is the filesystem type
                                          to mount. Must be a filesystem type supported
                                          by the host operating system. Ex. "ext4",
                                          "xfs", "ntfs". The default filesystem depends
                                          on FlexVolume script.
                                        type: string
                                      options:
                                        additionalProperties:
                                          type: string
                                        description: 'options is Optional: this field
                                          holds extra command options if any.'
                                        type: object
                                      readOnly:
                                        description: 'readOnly is Optional: defaults
                                          to false (read/write). ReadOnly here will
                                          force the ReadOnly setting in VolumeMounts.'
                                        type: boolean
                                      secretRef:
                                        description: 'secretRef is Optional: secretRef
                                          is reference to the secret object containing
                                          sensitive information to pass to the plugin
                                          scripts. This may be empty if no secret
                                          object is specified. If the secret object
                                          contains more than one secret, all secrets
                                          are passed to the plugin scripts.'
                                        properties:
                                          name:
                                            description: 'Name of the referent. More
                                              info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                              TODO: Add other useful fields. apiVersion,
                                              kind, uid?'
                                            type: string
                                        type: object
                                    required:
                                    - driver
                                    type: object
                                  flocker:
                                    description: flocker represents a Flocker volume
                                      attached to a kubelet's host machine. This depends
                                      on the Flocker control service being running
                                    properties:
                                      datasetName:
                                        description: datasetName is Name of the dataset
                                          stored as metadata -> name on the dataset
                                          for Flocker should be considered as deprecated
                                        type: string
                                      datasetUUID:
                                        description: datasetUUID is the UUID of the
                                          dataset. This is unique identifier of a
                                          Flocker dataset
                                        type: string
                                    type: object
                                  gcePersistentDisk:
                                    description: 'gcePersistentDisk represents a GCE
                                      Disk resource that is attached to a kubelet''s
                                      host machine and then exposed to the pod. More
                                      info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
                                    properties:
                                      fsType:
                                        description: 'fsType is filesystem type of
                                          the volume that you want to mount. Tip:
                                          Ensure that the filesystem type is supported
                                          by the host operating system. Examples:
                                          "ext4", "xfs", "ntfs". Implicitly inferred
                                          to be "ext4" if unspecified. More info:
                                          https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
                                          TODO: how do we prevent errors in the filesystem
                                          from compromising the machine'
                                        type: string
                                      partition:
                                        description: 'partition is the partition in
                                          the volume that you want to mount. If omitted,
                                          the default is to mount by volume name.
                                          Examples: For volume /dev/sda1, you specify
                                          the partition as "1". Similarly, the volume
                                          partition for /dev/sda is "0" (or you can
                                          leave the property empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
                                        format: int32
                                        type: integer
                                      pdName:
                                        description: 'pdName is unique name of the
                                          PD resource in GCE. Used to identify the
                                          disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
                                        type: string
                                      readOnly:
                                        description: 'readOnly here will force the
                                          ReadOnly setting in VolumeMounts. Defaults
                                          to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
                                        type: boolean
                                    required:
                                    - pdName
                                    type: object
                                  gitRepo:
                                    description: 'gitRepo represents a git repository
                                      at a particular revision. DEPRECATED: GitRepo
                                      is deprecated. To provision a container with
                                      a git repo, mount an EmptyDir into an InitContainer
                                      that clones the repo using git, then mount the
                                      EmptyDir into the Pod''s container.'
                                    properties:
                                      directory:
                                        description: directory is the target directory
                                          name. Must not contain or start with '..'.  If
                                          '.' is supplied, the volume directory will
                                          be the git repository.  Otherwise, if specified,
                                          the volume will contain the git repository
                                          in the subdirectory with the given name.
                                        type: string
                                      repository:
                                        description: repository is the URL
                                        type: string
                                      revision:
                                        description: revision is the commit hash for
                                          the specified revision.
                                        type: string
                                    required:
                                    - repository
                                    type: object
                                  glusterfs:
                                    description: 'glusterfs represents a Glusterfs
                                      mount on the host that shares a pod''s lifetime.
                                      More info: https://examples.k8s.io/volumes/glusterfs/README.md'
                                    properties:
                                      endpoints:
                                        description: 'endpoints is the endpoint name
                                          that details Glusterfs topology. More info:
                                          https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod'
                                        type: string
                                      path:
                                        description: 'path is the Glusterfs volume
                                          path. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod'
                                        type: string
                                      readOnly:
                                        description: 'readOnly here will force the
                                          Glusterfs volume to be mounted with read-only
                                          permissions. Defaults to false. More info:
                                          https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod'
                                        type: boolean
                                    required:
                                    - endpoints
                                    - path
                                    type: object
                                  hostPath:
                                    description: 'hostPath represents a pre-existing
                                      file or directory on the host machine that is
                                      directly exposed to the container. This is generally
                                      used for system agents or other privileged things
                                      that are allowed to see the host machine. Most
                                      containers will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath
                                      --- TODO(jonesdl) We need to restrict who can
                                      use host directory mounts and who can/can not
                                      mount host directories as read/write.'
                                    properties:
                                      path:
                                        description: 'path of the directory on the
                                          host. If the path is a symlink, it will
                                          follow the link to the real path. More info:
                                          https://kubernetes.io/docs/concepts/storage/volumes#hostpath'
                                        type: string
                                      type:
                                        description: 'type for HostPath Volume Defaults
                                          to "" More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath'
                                        type: string
                                    required:
                                    - path
                                    type: object
                                  iscsi:
                                    description: 'iscsi represents an ISCSI Disk resource
                                      that is attached to a kubelet''s host machine
                                      and then exposed to the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md'
                                    properties:
                                      chapAuthDiscovery:
                                        description: chapAuthDiscovery defines whether
                                          support iSCSI Discovery CHAP authentication
                                        type: boolean
                                      chapAuthSession:
                                        description: chapAuthSession defines whether
                                          support iSCSI Session CHAP authentication
                                        type: boolean
                                      fsType:
                                        description: 'fsType is the filesystem type
                                          of the volume that you want to mount. Tip:
                                          Ensure that the filesystem type is supported
                                          by the host operating system. Examples:
                                          "ext4", "xfs", "ntfs". Implicitly inferred
                                          to be "ext4" if unspecified. More info:
                                          https://kubernetes.io/docs/concepts/storage/volumes#iscsi
                                          TODO: how do we prevent errors in the filesystem
                                          from compromising the machine'
                                        type: string
                                      initiatorName:
                                        description: initiatorName is the custom iSCSI
                                          Initiator Name. If initiatorName is specified
                                          with iscsiInterface simultaneously, new
                                          iSCSI interface <target portal>:<volume
                                          name> will be created for the connection.
                                        type: string
                                      iqn:
                                        description: iqn is the target iSCSI Qualified
                                          Name.
                                        type: string
                                      iscsiInterface:
                                        description: iscsiInterface is the interface
                                          Name that uses an iSCSI transport. Defaults
                                          to 'default' (tcp).
                                        type: string
                                      lun:
                                        description: lun represents iSCSI Target Lun
                                          number.
                                        format: int32
                                        type: integer
                                      portals:
                                        description: portals is the iSCSI Target Portal
                                          List. The portal is either an IP or ip_addr:port
                                          if the port is other than default (typically
                                          TCP ports 860 and 3260).
                                        items:
                                          type: string
                                        type: array
                                      readOnly:
                                        description: readOnly here will force the
                                          ReadOnly setting in VolumeMounts. Defaults
                                          to false.
                                        type: boolean
                                      secretRef:
                                        description: secretRef is the CHAP Secret
                                          for iSCSI target and initiator authentication
                                        properties:
                                          name:
                                            description: 'Name of the referent. More
                                              info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                              TODO: Add other useful fields. apiVersion,
                                              kind, uid?'
                                            type: string
                                        type: object
                                      targetPortal:
                                        description: targetPortal is iSCSI Target
                                          Portal. The Portal is either an IP or ip_addr:port
                                          if the port is other than default (typically
                                          TCP ports 860 and 3260).
                                        type: string
                                    required:
                                    - iqn
                                    - lun
                                    - targetPortal
                                    type: object
                                  name:
                                    description: 'name of the volume. Must be a DNS_LABEL
                                      and unique within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
                                    type: string
                                  nfs:
                                    description: 'nfs represents an NFS mount on the
                                      host that shares a pod''s lifetime More info:
                                      https://kubernetes.io/docs/concepts/storage/volumes#nfs'
                                    properties:
                                      path:
                                        description: 'path that is exported by the
                                          NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs'
                                        type: string
                                      readOnly:
                                        description: 'readOnly here will force the
                                          NFS export to be mounted with read-only
                                          permissions. Defaults to false. More info:
                                          https://kubernetes.io/docs/concepts/storage/volumes#nfs'
                                        type: boolean
                                      server:
                                        description: 'server is the hostname or IP
                                          address of the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs'
                                        type: string
                                    required:
                                    - path
                                    - server
                                    type: object
                                  persistentVolumeClaim:
                                    description: 'persistentVolumeClaimVolumeSource
                                      represents a reference to a PersistentVolumeClaim
                                      in the same namespace. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims'
                                    properties:
                                      claimName:
                                        description: 'claimName is the name of a PersistentVolumeClaim
                                          in the same namespace as the pod using this
                                          volume. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims'
                                        type: string
                                      readOnly:
                                        description: readOnly Will force the ReadOnly
                                          setting in VolumeMounts. Default false.
                                        type: boolean
                                    required:
                                    - claimName
                                    type: object
                                  photonPersistentDisk:
                                    description: photonPersistentDisk represents a
                                      PhotonController persistent disk attached and
                                      mounted on kubelets host machine
                                    properties:
                                      fsType:
                                        description: fsType is the filesystem type
                                          to mount. Must be a filesystem type supported
                                          by the host operating system. Ex. "ext4",
                                          "xfs", "ntfs". Implicitly inferred to be
                                          "ext4" if unspecified.
                                        type: string
                                      pdID:
                                        description: pdID is the ID that identifies
                                          Photon Controller persistent disk
                                        type: string
                                    required:
                                    - pdID
                                    type: object
                                  portworxVolume:
                                    description: portworxVolume represents a portworx
                                      volume attached and mounted on kubelets host
                                      machine
                                    properties:
                                      fsType:
                                        description: fSType represents the filesystem
                                          type to mount Must be a filesystem type
                                          supported by the host operating system.
                                          Ex. "ext4", "xfs". Implicitly inferred to
                                          be "ext4" if unspecified.
                                        type: string
                                      readOnly:
                                        description: readOnly defaults to false (read/write).
                                          ReadOnly here will force the ReadOnly setting
                                          in VolumeMounts.
                                        type: boolean
                                      volumeID:
                                        description: volumeID uniquely identifies
                                          a Portworx volume
                                        type: string
                                    required:
                                    - volumeID
                                    type: object
                                  projected:
                                    description: projected items for all in one resources
                                      secrets, configmaps, and downward API
                                    properties:
                                      defaultMode:
                                        description: defaultMode are the mode bits
                                          used to set permissions on created files
                                          by default. Must be an octal value between
                                          0000 and 0777 or a decimal value between
                                          0 and 511. YAML accepts both octal and decimal
                                          values, JSON requires decimal values for
                                          mode bits. Directories within the path are
                                          not affected by this setting. This might
                                          be in conflict with other options that affect
                                          the file mode, like fsGroup, and the result
                                          can be other mode bits set.
                                        format: int32
                                        type: integer
                                      sources:
                                        description: sources is the list of volume
                                          projections
                                        items:
                                          description: Projection that may be projected
                                            along with other supported volume types
                                          properties:
                                            configMap:
                                              description: configMap information about
                                                the configMap data to project
                                              properties:
                                                items:
                                                  description: items if unspecified,
                                                    each key-value pair in the Data
                                                    field of the referenced ConfigMap
                                                    will be projected into the volume
                                                    as a file whose name is the key
                                                    and content is the value. If specified,
                                                    the listed keys will be projected
                                                    into the specified paths, and
                                                    unlisted keys will not be present.
                                                    If a key is specified which is
                                                    not present in the ConfigMap,
                                                    the volume setup will error unless
                                                    it is marked optional. Paths must
                                                    be relative and may not contain
                                                    the '..' path or start with '..'.
                                                  items:
                                                    description: Maps a string key
                                                      to a path within a volume.
                                                    properties:
                                                      key:
                                                        description: key is the key
                                                          to project.
                                                        type: string
                                                      mode:
                                                        description: 'mode is Optional:
                                                          mode bits used to set permissions
                                                          on this file. Must be an
                                                          octal value between 0000
                                                          and 0777 or a decimal value
                                                          between 0 and 511. YAML
                                                          accepts both octal and decimal
                                                          values, JSON requires decimal
                                                          values for mode bits. If
                                                          not specified, the volume
                                                          defaultMode will be used.
                                                          This might be in conflict
                                                          with other options that
                                                          affect the file mode, like
                                                          fsGroup, and the result
                                                          can be other mode bits set.'
                                                        format: int32
                                                        type: integer
                                                      path:
                                                        description: path is the relative
                                                          path of the file to map
                                                          the key to. May not be an
                                                          absolute path. May not contain
                                                          the path element '..'. May
                                                          not start with the string
                                                          '..'.
                                                        type: string
                                                    required:
                                                    - key
                                                    - path
                                                    type: object
                                                  type: array
                                                name:
                                                  description: 'Name of the referent.
                                                    More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                                    TODO: Add other useful fields.
                                                    apiVersion, kind, uid?'
                                                  type: string
                                                optional:
                                                  description: optional specify whether
                                                    the ConfigMap or its keys must
                                                    be defined
                                                  type: boolean
                                              type: object
                                            downwardAPI:
                                              description: downwardAPI information
                                                about the downwardAPI data to project
                                              properties:
                                                items:
                                                  description: Items is a list of
                                                    DownwardAPIVolume file
                                                  items:
                                                    description: DownwardAPIVolumeFile
                                                      represents information to create
                                                      the file containing the pod
                                                      field
                                                    properties:
                                                      fieldRef:
                                                        description: 'Required: Selects
                                                          a field of the pod: only
                                                          annotations, labels, name
                                                          and namespace are supported.'
                                                        properties:
                                                          apiVersion:
                                                            description: Version of
                                                              the schema the FieldPath
                                                              is written in terms
                                                              of, defaults to "v1".
                                                            type: string
                                                          fieldPath:
                                                            description: Path of the
                                                              field to select in the
                                                              specified API version.
                                                            type: string
                                                        required:
                                                        - fieldPath
                                                        type: object
                                                      mode:
                                                        description: 'Optional: mode
                                                          bits used to set permissions
                                                          on this file, must be an
                                                          octal value between 0000
                                                          and 0777 or a decimal value
                                                          between 0 and 511. YAML
                                                          accepts both octal and decimal
                                                          values, JSON requires decimal
                                                          values for mode bits. If
                                                          not specified, the volume
                                                          defaultMode will be used.
                                                          This might be in conflict
                                                          with other options that
                                                          affect the file mode, like
                                                          fsGroup, and the result
                                                          can be other mode bits set.'
                                                        format: int32
                                                        type: integer
                                                      path:
                                                        description: 'Required: Path
                                                          is  the relative path name
                                                          of the file to be created.
                                                          Must not be absolute or
                                                          contain the ''..'' path.
                                                          Must be utf-8 encoded. The
                                                          first item of the relative
                                                          path must not start with
                                                          ''..'''
                                                        type: string
                                                      resourceFieldRef:
                                                        description: 'Selects a resource
                                                          of the container: only resources
                                                          limits and requests (limits.cpu,
                                                          limits.memory, requests.cpu
                                                          and requests.memory) are
                                                          currently supported.'
                                                        properties:
                                                          containerName:
                                                            description: 'Container
                                                              name: required for volumes,
                                                              optional for env vars'
                                                            type: string
                                                          divisor:
                                                            anyOf:
                                                            - type: integer
                                                            - type: string
                                                            description: Specifies
                                                              the output format of
                                                              the exposed resources,
                                                              defaults to "1"
                                                            pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                                                            x-kubernetes-int-or-string: true
                                                          resource:
                                                            description: 'Required:
                                                              resource to select'
                                                            type: string
                                                        required:
                                                        - resource
                                                        type: object
                                                    required:
                                                    - path
                                                    type: object
                                                  type: array
                                              type: object
                                            secret:
                                              description: secret information about
                                                the secret data to project
                                              properties:
                                                items:
                                                  description: items if unspecified,
                                                    each key-value pair in the Data
                                                    field of the referenced Secret
                                                    will be projected into the volume
                                                    as a file whose name is the key
                                                    and content is the value. If specified,
                                                    the listed keys will be projected
                                                    into the specified paths, and
                                                    unlisted keys will not be present.
                                                    If a key is specified which is
                                                    not present in the Secret, the
                                                    volume setup will error unless
                                                    it is marked optional. Paths must
                                                    be relative and may not contain
                                                    the '..' path or start with '..'.
                                                  items:
                                                    description: Maps a string key
                                                      to a path within a volume.
                                                    properties:
                                                      key:
                                                        description: key is the key
                                                          to project.
                                                        type: string
                                                      mode:
                                                        description: 'mode is Optional:
                                                          mode bits used to set permissions
                                                          on this file. Must be an
                                                          octal value between 0000
                                                          and 0777 or a decimal value
                                                          between 0 and 511. YAML
                                                          accepts both octal and decimal
                                                          values, JSON requires decimal
                                                          values for mode bits. If
                                                          not specified, the volume
                                                          defaultMode will be used.
                                                          This might be in conflict
                                                          with other options that
                                                          affect the file mode, like
                                                          fsGroup, and the result
                                                          can be other mode bits set.'
                                                        format: int32
                                                        type: integer
                                                      path:
                                                        description: path is the relative
                                                          path of the file to map
                                                          the key to. May not be an
                                                          absolute path. May not contain
                                                          the path element '..'. May
                                                          not start with the string
                                                          '..'.
                                                        type: string
                                                    required:
                                                    - key
                                                    - path
                                                    type: object
                                                  type: array
                                                name:
                                                  description: 'Name of the referent.
                                                    More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                                    TODO: Add other useful fields.
                                                    apiVersion, kind, uid?'
                                                  type: string
                                                optional:
                                                  description: optional field specify
                                                    whether the Secret or its key
                                                    must be defined
                                                  type: boolean
                                              type: object
                                            serviceAccountToken:
                                              description: serviceAccountToken is
                                                information about the serviceAccountToken
                                                data to project
                                              properties:
                                                audience:
                                                  description: audience is the intended
                                                    audience of the token. A recipient
                                                    of a token must identify itself
                                                    with an identifier specified in
                                                    the audience of the token, and
                                                    otherwise should reject the token.
                                                    The audience defaults to the identifier
                                                    of the apiserver.
                                                  type: string
                                                expirationSeconds:
                                                  description: expirationSeconds is
                                                    the requested duration of validity
                                                    of the service account token.
                                                    As the token approaches expiration,
                                                    the kubelet volume plugin will
                                                    proactively rotate the service
                                                    account token. The kubelet will
                                                    start trying to rotate the token
                                                    if the token is older than 80
                                                    percent of its time to live or
                                                    if the token is older than 24
                                                    hours.Defaults to 1 hour and must
                                                    be at least 10 minutes.
                                                  format: int64
                                                  type: integer
                                                path:
                                                  description: path is the path relative
                                                    to the mount point of the file
                                                    to project the token into.
                                                  type: string
                                              required:
                                              - path
                                              type: object
                                          type: object
                                        type: array
                                    type: object
                                  quobyte:
                                    description: quobyte represents a Quobyte mount
                                      on the host that shares a pod's lifetime
                                    properties:
                                      group:
                                        description: group to map volume access to
                                          Default is no group
                                        type: string
                                      readOnly:
                                        description: readOnly here will force the
                                          Quobyte volume to be mounted with read-only
                                          permissions. Defaults to false.
                                        type: boolean
                                      registry:
                                        description: registry represents a single
                                          or multiple Quobyte Registry services specified
                                          as a string as host:port pair (multiple
                                          entries are separated with commas) which
                                          acts as the central registry for volumes
                                        type: string
                                      tenant:
                                        description: tenant owning the given Quobyte
                                          volume in the Backend Used with dynamically
                                          provisioned Quobyte volumes, value is set
                                          by the plugin
                                        type: string
                                      user:
                                        description: user to map volume access to
                                          Defaults to serivceaccount user
                                        type: string
                                      volume:
                                        description: volume is a string that references
                                          an already created Quobyte volume by name.
                                        type: string
                                    required:
                                    - registry
                                    - volume
                                    type: object
                                  rbd:
                                    description: 'rbd represents a Rados Block Device
                                      mount on the host that shares a pod''s lifetime.
                                      More info: https://examples.k8s.io/volumes/rbd/README.md'
                                    properties:
                                      fsType:
                                        description: 'fsType is the filesystem type
                                          of the volume that you want to mount. Tip:
                                          Ensure that the filesystem type is supported
                                          by the host operating system. Examples:
                                          "ext4", "xfs", "ntfs". Implicitly inferred
                                          to be "ext4" if unspecified. More info:
                                          https://kubernetes.io/docs/concepts/storage/volumes#rbd
                                          TODO: how do we prevent errors in the filesystem
                                          from compromising the machine'
                                        type: string
                                      image:
                                        description: 'image is the rados image name.
                                          More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
                                        type: string
                                      keyring:
                                        description: 'keyring is the path to key ring
                                          for RBDUser. Default is /etc/ceph/keyring.
                                          More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
                                        type: string
                                      monitors:
                                        description: 'monitors is a collection of
                                          Ceph monitors. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
                                        items:
                                          type: string
                                        type: array
                                      pool:
                                        description: 'pool is the rados pool name.
                                          Default is rbd. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
                                        type: string
                                      readOnly:
                                        description: 'readOnly here will force the
                                          ReadOnly setting in VolumeMounts. Defaults
                                          to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
                                        type: boolean
                                      secretRef:
                                        description: 'secretRef is name of the authentication
                                          secret for RBDUser. If provided overrides
                                          keyring. Default is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
                                        properties:
                                          name:
                                            description: 'Name of the referent. More
                                              info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                              TODO: Add other useful fields. apiVersion,
                                              kind, uid?'
                                            type: string
                                        type: object
                                      user:
                                        description: 'user is the rados user name.
                                          Default is admin. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
                                        type: string
                                    required:
                                    - image
                                    - monitors
                                    type: object
                                  scaleIO:
                                    description: scaleIO represents a ScaleIO persistent
                                      volume attached and mounted on Kubernetes nodes.
                                    properties:
                                      fsType:
                                        description: fsType is the filesystem type
                                          to mount. Must be a filesystem type supported
                                          by the host operating system. Ex. "ext4",
                                          "xfs", "ntfs". Default is "xfs".
                                        type: string
                                      gateway:
                                        description: gateway is the host address of
                                          the ScaleIO API Gateway.
                                        type: string
                                      protectionDomain:
                                        description: protectionDomain is the name
                                          of the ScaleIO Protection Domain for the
                                          configured storage.
                                        type: string
                                      readOnly:
                                        description: readOnly Defaults to false (read/write).
                                          ReadOnly here will force the ReadOnly setting
                                          in VolumeMounts.
                                        type: boolean
                                      secretRef:
                                        description: secretRef references to the secret
                                          for ScaleIO user and other sensitive information.
                                          If this is not provided, Login operation
                                          will fail.
                                        properties:
                                          name:
                                            description: 'Name of the referent. More
                                              info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                              TODO: Add other useful fields. apiVersion,
                                              kind, uid?'
                                            type: string
                                        type: object
                                      sslEnabled:
                                        description: sslEnabled Flag enable/disable
                                          SSL communication with Gateway, default
                                          false
                                        type: boolean
                                      storageMode:
                                        description: storageMode indicates whether
                                          the storage for a volume should be ThickProvisioned
                                          or ThinProvisioned. Default is ThinProvisioned.
                                        type: string
                                      storagePool:
                                        description: storagePool is the ScaleIO Storage
                                          Pool associated with the protection domain.
                                        type: string
                                      system:
                                        description: system is the name of the storage
                                          system as configured in ScaleIO.
                                        type: string
                                      volumeName:
                                        description: volumeName is the name of a volume
                                          already created in the ScaleIO system that
                                          is associated with this volume source.
                                        type: string
                                    required:
                                    - gateway
                                    - secretRef
                                    - system
                                    type: object
                                  secret:
                                    description: 'secret represents a secret that
                                      should populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret'
                                    properties:
                                      defaultMode:
                                        description: 'defaultMode is Optional: mode
                                          bits used to set permissions on created
                                          files by default. Must be an octal value
                                          between 0000 and 0777 or a decimal value
                                          between 0 and 511. YAML accepts both octal
                                          and decimal values, JSON requires decimal
                                          values for mode bits. Defaults to 0644.
                                          Directories within the path are not affected
                                          by this setting. This might be in conflict
                                          with other options that affect the file
                                          mode, like fsGroup, and the result can be
                                          other mode bits set.'
                                        format: int32
                                        type: integer
                                      items:
                                        description: items If unspecified, each key-value
                                          pair in the Data field of the referenced
                                          Secret will be projected into the volume
                                          as a file whose name is the key and content
                                          is the value. If specified, the listed keys
                                          will be projected into the specified paths,
                                          and unlisted keys will not be present. If
                                          a key is specified which is not present
                                          in the Secret, the volume setup will error
                                          unless it is marked optional. Paths must
                                          be relative and may not contain the '..'
                                          path or start with '..'.
                                        items:
                                          description: Maps a string key to a path
                                            within a volume.
                                          properties:
                                            key:
                                              description: key is the key to project.
                                              type: string
                                            mode:
                                              description: 'mode is Optional: mode
                                                bits used to set permissions on this
                                                file. Must be an octal value between
                                                0000 and 0777 or a decimal value between
                                                0 and 511. YAML accepts both octal
                                                and decimal values, JSON requires
                                                decimal values for mode bits. If not
                                                specified, the volume defaultMode
                                                will be used. This might be in conflict
                                                with other options that affect the
                                                file mode, like fsGroup, and the result
                                                can be other mode bits set.'
                                              format: int32
                                              type: integer
                                            path:
                                              description: path is the relative path
                                                of the file to map the key to. May
                                                not be an absolute path. May not contain
                                                the path element '..'. May not start
                                                with the string '..'.
                                              type: string
                                          required:
                                          - key
                                          - path
                                          type: object
                                        type: array
                                      optional:
                                        description: optional field specify whether
                                          the Secret or its keys must be defined
                                        type: boolean
                                      secretName:
                                        description: 'secretName is the name of the
                                          secret in the pod''s namespace to use. More
                                          info: https://kubernetes.io/docs/concepts/storage/volumes#secret'
                                        type: string
                                    type: object
                                  storageos:
                                    description: storageOS represents a StorageOS
                                      volume attached and mounted on Kubernetes nodes.
                                    properties:
                                      fsType:
                                        description: fsType is the filesystem type
                                          to mount. Must be a filesystem type supported
                                          by the host operating system. Ex. "ext4",
                                          "xfs", "ntfs". Implicitly inferred to be
                                          "ext4" if unspecified.
                                        type: string
                                      readOnly:
                                        description: readOnly defaults to false (read/write).
                                          ReadOnly here will force the ReadOnly setting
                                          in VolumeMounts.
                                        type: boolean
                                      secretRef:
                                        description: secretRef specifies the secret
                                          to use for obtaining the StorageOS API credentials.  If
                                          not specified, default values will be attempted.
                                        properties:
                                          name:
                                            description: 'Name of the referent. More
                                              info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                              TODO: Add other useful fields. apiVersion,
                                              kind, uid?'
                                            type: string
                                        type: object
                                      volumeName:
                                        description: volumeName is the human-readable
                                          name of the StorageOS volume.  Volume names
                                          are only unique within a namespace.
                                        type: string
                                      volumeNamespace:
                                        description: volumeNamespace specifies the
                                          scope of the volume within StorageOS.  If
                                          no namespace is specified then the Pod's
                                          namespace will be used.  This allows the
                                          Kubernetes name scoping to be mirrored within
                                          StorageOS for tighter integration. Set VolumeName
                                          to any name to override the default behaviour.
                                          Set to "default" if you are not using namespaces
                                          within StorageOS. Namespaces that do not
                                          pre-exist within StorageOS will be created.
                                        type: string
                                    type: object
                                  vsphereVolume:
                                    description: vsphereVolume represents a vSphere
                                      volume attached and mounted on kubelets host
                                      machine
                                    properties:
                                      fsType:
                                        description: fsType is filesystem type to
                                          mount. Must be a filesystem type supported
                                          by the host operating system. Ex. "ext4",
                                          "xfs", "ntfs". Implicitly inferred to be
                                          "ext4" if unspecified.
                                        type: string
                                      storagePolicyID:
                                        description: storagePolicyID is the storage
                                          Policy Based Management (SPBM) profile ID
                                          associated with the StoragePolicyName.
                                        type: string
                                      storagePolicyName:
                                        description: storagePolicyName is the storage
                                          Policy Based Management (SPBM) profile name.
                                        type: string
                                      volumePath:
                                        description: volumePath is the path that identifies
                                          vSphere volume vmdk
                                        type: string
                                    required:
                                    - volumePath
                                    type: object
                                required:
                                - name
                                type: object
                              type: array
                              x-kubernetes-list-type: atomic
                          type: object
                        taskServiceAccountName:
                          type: string
                      type: object
                    type: array
                  timeout:
                    description: 'Time after which the Pipeline times out. Defaults
                      to never. Refer to Go''s ParseDuration documentation for expected
                      format: https://golang.org/pkg/time/#ParseDuration'
                    type: string
                  workspaces:
                    description: Workspaces holds a set of workspace bindings that
                      must match names with those declared in the pipeline.
                    items:
                      description: WorkspaceBinding maps a Task's declared workspace
                        to a Volume.
                      properties:
                        configMap:
                          description: ConfigMap represents a configMap that should
                            populate this workspace.
                          properties:
                            defaultMode:
                              description: 'defaultMode is optional: mode bits used
                                to set permissions on created files by default. Must
                                be an octal value between 0000 and 0777 or a decimal
                                value between 0 and 511. YAML accepts both octal and
                                decimal values, JSON requires decimal values for mode
                                bits. Defaults to 0644. Directories within the path
                                are not affected by this setting. This might be in
                                conflict with other options that affect the file mode,
                                like fsGroup, and the result can be other mode bits
                                set.'
                              format: int32
                              type: integer
                            items:
                              description: items if unspecified, each key-value pair
                                in the Data field of the referenced ConfigMap will
                                be projected into the volume as a file whose name
                                is the key and content is the value. If specified,
                                the listed keys will be projected into the specified
                                paths, and unlisted keys will not be present. If a
                                key is specified which is not present in the ConfigMap,
                                the volume setup will error unless it is marked optional.
                                Paths must be relative and may not contain the '..'
                                path or start with '..'.
                              items:
                                description: Maps a string key to a path within a
                                  volume.
                                properties:
                                  key:
                                    description: key is the key to project.
                                    type: string
                                  mode:
                                    description: 'mode is Optional: mode bits used
                                      to set permissions on this file. Must be an
                                      octal value between 0000 and 0777 or a decimal
                                      value between 0 and 511. YAML accepts both octal
                                      and decimal values, JSON requires decimal values
                                      for mode bits. If not specified, the volume
                                      defaultMode will be used. This might be in conflict
                                      with other options that affect the file mode,
                                      like fsGroup, and the result can be other mode
                                      bits set.'
                                    format: int32
                                    type: integer
                                  path:
                                    description: path is the relative path of the
                                      file to map the key to. May not be an absolute
                                      path. May not contain the path element '..'.
                                      May not start with the string '..'.
                                    type: string
                                required:
                                - key
                                - path
                                type: object
                              type: array
                            name:
                              description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                TODO: Add other useful fields. apiVersion, kind, uid?'
                              type: string
                            optional:
                              description: optional specify whether the ConfigMap
                                or its keys must be defined
                              type: boolean
                          type: object
                        emptyDir:
                          description: 'EmptyDir represents a temporary directory
                            that shares a Task''s lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir
                            Either this OR PersistentVolumeClaim can be used.'
                          properties:
                            medium:
                              description: 'medium represents what type of storage
                                medium should back this directory. The default is
                                "" which means to use the node''s default medium.
                                Must be an empty string (default) or Memory. More
                                info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir'
                              type: string
                            sizeLimit:
                              anyOf:
                              - type: integer
                              - type: string
                              description: 'sizeLimit is the total amount of local
                                storage required for this EmptyDir volume. The size
                                limit is also applicable for memory medium. The maximum
                                usage on memory medium EmptyDir would be the minimum
                                value between the SizeLimit specified here and the
                                sum of memory limits of all containers in a pod. The
                                default is nil which means that the limit is undefined.
                                More info: http://kubernetes.io/docs/user-guide/volumes#emptydir'
                              pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                              x-kubernetes-int-or-string: true
                          type: object
                        name:
                          description: Name is the name of the workspace populated
                            by the volume.
                          type: string
                        persistentVolumeClaim:
                          description: PersistentVolumeClaimVolumeSource represents
                            a reference to a PersistentVolumeClaim in the same namespace.
                            Either this OR EmptyDir can be used.
                          properties:
                            claimName:
                              description: 'claimName is the name of a PersistentVolumeClaim
                                in the same namespace as the pod using this volume.
                                More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims'
                              type: string
                            readOnly:
                              description: readOnly Will force the ReadOnly setting
                                in VolumeMounts. Default false.
                              type: boolean
                          required:
                          - claimName
                          type: object
                        secret:
                          description: Secret represents a secret that should populate
                            this workspace.
                          properties:
                            defaultMode:
                              description: 'defaultMode is Optional: mode bits used
                                to set permissions on created files by default. Must
                                be an octal value between 0000 and 0777 or a decimal
                                value between 0 and 511. YAML accepts both octal and
                                decimal values, JSON requires decimal values for mode
                                bits. Defaults to 0644. Directories within the path
                                are not affected by this setting. This might be in
                                conflict with other options that affect the file mode,
                                like fsGroup, and the result can be other mode bits
                                set.'
                              format: int32
                              type: integer
                            items:
                              description: items If unspecified, each key-value pair
                                in the Data field of the referenced Secret will be
                                projected into the volume as a file whose name is
                                the key and content is the value. If specified, the
                                listed keys will be projected into the specified paths,
                                and unlisted keys will not be present. If a key is
                                specified which is not present in the Secret, the
                                volume setup will error unless it is marked optional.
                                Paths must be relative and may not contain the '..'
                                path or start with '..'.
                              items:
                                description: Maps a string key to a path within a
                                  volume.
                                properties:
                                  key:
                                    description: key is the key to project.
                                    type: string
                                  mode:
                                    description: 'mode is Optional: mode bits used
                                      to set permissions on this file. Must be an
                                      octal value between 0000 and 0777 or a decimal
                                      value between 0 and 511. YAML accepts both octal
                                      and decimal values, JSON requires decimal values
                                      for mode bits. If not specified, the volume
                                      defaultMode will be used. This might be in conflict
                                      with other options that affect the file mode,
                                      like fsGroup, and the result can be other mode
                                      bits set.'
                                    format: int32
                                    type: integer
                                  path:
                                    description: path is the relative path of the
                                      file to map the key to. May not be an absolute
                                      path. May not contain the path element '..'.
                                      May not start with the string '..'.
                                    type: string
                                required:
                                - key
                                - path
                                type: object
                              type: array
                            optional:
                              description: optional field specify whether the Secret
                                or its keys must be defined
                              type: boolean
                            secretName:
                              description: 'secretName is the name of the secret in
                                the pod''s namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret'
                              type: string
                          type: object
                        subPath:
                          description: SubPath is optionally a directory on the volume
                            which should be used for this binding (i.e. the volume
                            will be mounted at this sub directory).
                          type: string
                        volumeClaimTemplate:
                          description: VolumeClaimTemplate is a template for a claim
                            that will be created in the same namespace. The PipelineRun
                            controller is responsible for creating a unique claim
                            for each instance of PipelineRun.
                          properties:
                            apiVersion:
                              description: 'APIVersion defines the versioned schema
                                of this representation of an object. Servers should
                                convert recognized schemas to the latest internal
                                value, and may reject unrecognized values. More info:
                                https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
                              type: string
                            kind:
                              description: 'Kind is a string value representing the
                                REST resource this object represents. Servers may
                                infer this from the endpoint the client submits requests
                                to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
                              type: string
                            metadata:
                              description: 'Standard object''s metadata. More info:
                                https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata'
                              type: object
                            spec:
                              description: 'spec defines the desired characteristics
                                of a volume requested by a pod author. More info:
                                https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims'
                              properties:
                                accessModes:
                                  description: 'accessModes contains the desired access
                                    modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1'
                                  items:
                                    type: string
                                  type: array
                                dataSource:
                                  description: 'dataSource field can be used to specify
                                    either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot)
                                    * An existing PVC (PersistentVolumeClaim) If the
                                    provisioner or an external controller can support
                                    the specified data source, it will create a new
                                    volume based on the contents of the specified
                                    data source. If the AnyVolumeDataSource feature
                                    gate is enabled, this field will always have the
                                    same contents as the DataSourceRef field.'
                                  properties:
                                    apiGroup:
                                      description: APIGroup is the group for the resource
                                        being referenced. If APIGroup is not specified,
                                        the specified Kind must be in the core API
                                        group. For any other third-party types, APIGroup
                                        is required.
                                      type: string
                                    kind:
                                      description: Kind is the type of resource being
                                        referenced
                                      type: string
                                    name:
                                      description: Name is the name of resource being
                                        referenced
                                      type: string
                                  required:
                                  - kind
                                  - name
                                  type: object
                                dataSourceRef:
                                  description: 'dataSourceRef specifies the object
                                    from which to populate the volume with data, if
                                    a non-empty volume is desired. This may be any
                                    local object from a non-empty API group (non core
                                    object) or a PersistentVolumeClaim object. When
                                    this field is specified, volume binding will only
                                    succeed if the type of the specified object matches
                                    some installed volume populator or dynamic provisioner.
                                    This field will replace the functionality of the
                                    DataSource field and as such if both fields are
                                    non-empty, they must have the same value. For
                                    backwards compatibility, both fields (DataSource
                                    and DataSourceRef) will be set to the same value
                                    automatically if one of them is empty and the
                                    other is non-empty. There are two important differences
                                    between DataSource and DataSourceRef: * While
                                    DataSource only allows two specific types of objects,
                                    DataSourceRef   allows any non-core object, as
                                    well as PersistentVolumeClaim objects. * While
                                    DataSource ignores disallowed values (dropping
                                    them), DataSourceRef   preserves all values, and
                                    generates an error if a disallowed value is   specified.
                                    (Beta) Using this field requires the AnyVolumeDataSource
                                    feature gate to be enabled.'
                                  properties:
                                    apiGroup:
                                      description: APIGroup is the group for the resource
                                        being referenced. If APIGroup is not specified,
                                        the specified Kind must be in the core API
                                        group. For any other third-party types, APIGroup
                                        is required.
                                      type: string
                                    kind:
                                      description: Kind is the type of resource being
                                        referenced
                                      type: string
                                    name:
                                      description: Name is the name of resource being
                                        referenced
                                      type: string
                                  required:
                                  - kind
                                  - name
                                  type: object
                                resources:
                                  description: 'resources represents the minimum resources
                                    the volume should have. If RecoverVolumeExpansionFailure
                                    feature is enabled users are allowed to specify
                                    resource requirements that are lower than previous
                                    value but must still be higher than capacity recorded
                                    in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources'
                                  properties:
                                    limits:
                                      additionalProperties:
                                        anyOf:
                                        - type: integer
                                        - type: string
                                        pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                                        x-kubernetes-int-or-string: true
                                      description: 'Limits describes the maximum amount
                                        of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
                                      type: object
                                    requests:
                                      additionalProperties:
                                        anyOf:
                                        - type: integer
                                        - type: string
                                        pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                                        x-kubernetes-int-or-string: true
                                      description: 'Requests describes the minimum
                                        amount of compute resources required. If Requests
                                        is omitted for a container, it defaults to
                                        Limits if that is explicitly specified, otherwise
                                        to an implementation-defined value. More info:
                                        https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
                                      type: object
                                  type: object
                                selector:
                                  description: selector is a label query over volumes
                                    to consider for binding.
                                  properties:
                                    matchExpressions:
                                      description: matchExpressions is a list of label
                                        selector requirements. The requirements are
                                        ANDed.
                                      items:
                                        description: A label selector requirement
                                          is a selector that contains values, a key,
                                          and an operator that relates the key and
                                          values.
                                        properties:
                                          key:
                                            description: key is the label key that
                                              the selector applies to.
                                            type: string
                                          operator:
                                            description: operator represents a key's
                                              relationship to a set of values. Valid
                                              operators are In, NotIn, Exists and
                                              DoesNotExist.
                                            type: string
                                          values:
                                            description: values is an array of string
                                              values. If the operator is In or NotIn,
                                              the values array must be non-empty.
                                              If the operator is Exists or DoesNotExist,
                                              the values array must be empty. This
                                              array is replaced during a strategic
                                              merge patch.
                                            items:
                                              type: string
                                            type: array
                                        required:
                                        - key
                                        - operator
                                        type: object
                                      type: array
                                    matchLabels:
                                      additionalProperties:
                                        type: string
                                      description: matchLabels is a map of {key,value}
                                        pairs. A single {key,value} in the matchLabels
                                        map is equivalent to an element of matchExpressions,
                                        whose key field is "key", the operator is
                                        "In", and the values array contains only "value".
                                        The requirements are ANDed.
                                      type: object
                                  type: object
                                storageClassName:
                                  description: 'storageClassName is the name of the
                                    StorageClass required by the claim. More info:
                                    https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1'
                                  type: string
                                volumeMode:
                                  description: volumeMode defines what type of volume
                                    is required by the claim. Value of Filesystem
                                    is implied when not included in claim spec.
                                  type: string
                                volumeName:
                                  description: volumeName is the binding reference
                                    to the PersistentVolume backing this claim.
                                  type: string
                              type: object
                            status:
                              description: 'status represents the current information/status
                                of a persistent volume claim. Read-only. More info:
                                https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims'
                              properties:
                                accessModes:
                                  description: 'accessModes contains the actual access
                                    modes the volume backing the PVC has. More info:
                                    https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1'
                                  items:
                                    type: string
                                  type: array
                                allocatedResources:
                                  additionalProperties:
                                    anyOf:
                                    - type: integer
                                    - type: string
                                    pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                                    x-kubernetes-int-or-string: true
                                  description: allocatedResources is the storage resource
                                    within AllocatedResources tracks the capacity
                                    allocated to a PVC. It may be larger than the
                                    actual capacity when a volume expansion operation
                                    is requested. For storage quota, the larger value
                                    from allocatedResources and PVC.spec.resources
                                    is used. If allocatedResources is not set, PVC.spec.resources
                                    alone is used for quota calculation. If a volume
                                    expansion capacity request is lowered, allocatedResources
                                    is only lowered if there are no expansion operations
                                    in progress and if the actual volume capacity
                                    is equal or lower than the requested capacity.
                                    This is an alpha field and requires enabling RecoverVolumeExpansionFailure
                                    feature.
                                  type: object
                                capacity:
                                  additionalProperties:
                                    anyOf:
                                    - type: integer
                                    - type: string
                                    pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                                    x-kubernetes-int-or-string: true
                                  description: capacity represents the actual resources
                                    of the underlying volume.
                                  type: object
                                conditions:
                                  description: conditions is the current Condition
                                    of persistent volume claim. If underlying persistent
                                    volume is being resized then the Condition will
                                    be set to 'ResizeStarted'.
                                  items:
                                    description: PersistentVolumeClaimCondition contails
                                      details about state of pvc
                                    properties:
                                      lastProbeTime:
                                        description: lastProbeTime is the time we
                                          probed the condition.
                                        format: date-time
                                        type: string
                                      lastTransitionTime:
                                        description: lastTransitionTime is the time
                                          the condition transitioned from one status
                                          to another.
                                        format: date-time
                                        type: string
                                      message:
                                        description: message is the human-readable
                                          message indicating details about last transition.
                                        type: string
                                      reason:
                                        description: reason is a unique, this should
                                          be a short, machine understandable string
                                          that gives the reason for condition's last
                                          transition. If it reports "ResizeStarted"
                                          that means the underlying persistent volume
                                          is being resized.
                                        type: string
                                      status:
                                        type: string
                                      type:
                                        description: PersistentVolumeClaimConditionType
                                          is a valid value of PersistentVolumeClaimCondition.Type
                                        type: string
                                    required:
                                    - status
                                    - type
                                    type: object
                                  type: array
                                phase:
                                  description: phase represents the current phase
                                    of PersistentVolumeClaim.
                                  type: string
                                resizeStatus:
                                  description: resizeStatus stores status of resize
                                    operation. ResizeStatus is not set by default
                                    but when expansion is complete resizeStatus is
                                    set to empty string by resize controller or kubelet.
                                    This is an alpha field and requires enabling RecoverVolumeExpansionFailure
                                    feature.
                                  type: string
                              type: object
                          type: object
                      required:
                      - name
                      type: object
                    type: array
                type: object
              pod_spec:
                description: PodSpec provides the basis for running the test under
                  a Kubernetes agent
                properties:
                  activeDeadlineSeconds:
                    description: Optional duration in seconds the pod may be active
                      on the node relative to StartTime before the system will actively
                      try to mark it failed and kill associated containers. Value
                      must be a positive integer.
                    format: int64
                    type: integer
                  affinity:
                    description: If specified, the pod's scheduling constraints
                    properties:
                      nodeAffinity:
                        description: Describes node affinity scheduling rules for
                          the pod.
                        properties:
                          preferredDuringSchedulingIgnoredDuringExecution:
                            description: The scheduler will prefer to schedule pods
                              to nodes that satisfy the affinity expressions specified
                              by this field, but it may choose a node that violates
                              one or more of the expressions. The node that is most
                              preferred is the one with the greatest sum of weights,
                              i.e. for each node that meets all of the scheduling
                              requirements (resource request, requiredDuringScheduling
                              affinity expressions, etc.), compute a sum by iterating
                              through the elements of this field and adding "weight"
                              to the sum if the node matches the corresponding matchExpressions;
                              the node(s) with the highest sum are the most preferred.
                            items:
                              description: An empty preferred scheduling term matches
                                all objects with implicit weight 0 (i.e. it's a no-op).
                                A null preferred scheduling term matches no objects
                                (i.e. is also a no-op).
                              properties:
                                preference:
                                  description: A node selector term, associated with
                                    the corresponding weight.
                                  properties:
                                    matchExpressions:
                                      description: A list of node selector requirements
                                        by node's labels.
                                      items:
                                        description: A node selector requirement is
                                          a selector that contains values, a key,
                                          and an operator that relates the key and
                                          values.
                                        properties:
                                          key:
                                            description: The label key that the selector
                                              applies to.
                                            type: string
                                          operator:
                                            description: Represents a key's relationship
                                              to a set of values. Valid operators
                                              are In, NotIn, Exists, DoesNotExist.
                                              Gt, and Lt.
                                            type: string
                                          values:
                                            description: An array of string values.
                                              If the operator is In or NotIn, the
                                              values array must be non-empty. If the
                                              operator is Exists or DoesNotExist,
                                              the values array must be empty. If the
                                              operator is Gt or Lt, the values array
                                              must have a single element, which will
                                              be interpreted as an integer. This array
                                              is replaced during a strategic merge
                                              patch.
                                            items:
                                              type: string
                                            type: array
                                        required:
                                        - key
                                        - operator
                                        type: object
                                      type: array
                                    matchFields:
                                      description: A list of node selector requirements
                                        by node's fields.
                                      items:
                                        description: A node selector requirement is
                                          a selector that contains values, a key,
                                          and an operator that relates the key and
                                          values.
                                        properties:
                                          key:
                                            description: The label key that the selector
                                              applies to.
                                            type: string
                                          operator:
                                            description: Represents a key's relationship
                                              to a set of values. Valid operators
                                              are In, NotIn, Exists, DoesNotExist.
                                              Gt, and Lt.
                                            type: string
                                          values:
                                            description: An array of string values.
                                              If the operator is In or NotIn, the
                                              values array must be non-empty. If the
                                              operator is Exists or DoesNotExist,
                                              the values array must be empty. If the
                                              operator is Gt or Lt, the values array
                                              must have a single element, which will
                                              be interpreted as an integer. This array
                                              is replaced during a strategic merge
                                              patch.
                                            items:
                                              type: string
                                            type: array
                                        required:
                                        - key
                                        - operator
                                        type: object
                                      type: array
                                  type: object
                                weight:
                                  description: Weight associated with matching the
                                    corresponding nodeSelectorTerm, in the range 1-100.
                                  format: int32
                                  type: integer
                              required:
                              - preference
                              - weight
                              type: object
                            type: array
                          requiredDuringSchedulingIgnoredDuringExecution:
                            description: If the affinity requirements specified by
                              this field are not met at scheduling time, the pod will
                              not be scheduled onto the node. If the affinity requirements
                              specified by this field cease to be met at some point
                              during pod execution (e.g. due to an update), the system
                              may or may not try to eventually evict the pod from
                              its node.
                            properties:
                              nodeSelectorTerms:
                                description: Required. A list of node selector terms.
                                  The terms are ORed.
                                items:
                                  description: A null or empty node selector term
                                    matches no objects. The requirements of them are
                                    ANDed. The TopologySelectorTerm type implements
                                    a subset of the NodeSelectorTerm.
                                  properties:
                                    matchExpressions:
                                      description: A list of node selector requirements
                                        by node's labels.
                                      items:
                                        description: A node selector requirement is
                                          a selector that contains values, a key,
                                          and an operator that relates the key and
                                          values.
                                        properties:
                                          key:
                                            description: The label key that the selector
                                              applies to.
                                            type: string
                                          operator:
                                            description: Represents a key's relationship
                                              to a set of values. Valid operators
                                              are In, NotIn, Exists, DoesNotExist.
                                              Gt, and Lt.
                                            type: string
                                          values:
                                            description: An array of string values.
                                              If the operator is In or NotIn, the
                                              values array must be non-empty. If the
                                              operator is Exists or DoesNotExist,
                                              the values array must be empty. If the
                                              operator is Gt or Lt, the values array
                                              must have a single element, which will
                                              be interpreted as an integer. This array
                                              is replaced during a strategic merge
                                              patch.
                                            items:
                                              type: string
                                            type: array
                                        required:
                                        - key
                                        - operator
                                        type: object
                                      type: array
                                    matchFields:
                                      description: A list of node selector requirements
                                        by node's fields.
                                      items:
                                        description: A node selector requirement is
                                          a selector that contains values, a key,
                                          and an operator that relates the key and
                                          values.
                                        properties:
                                          key:
                                            description: The label key that the selector
                                              applies to.
                                            type: string
                                          operator:
                                            description: Represents a key's relationship
                                              to a set of values. Valid operators
                                              are In, NotIn, Exists, DoesNotExist.
                                              Gt, and Lt.
                                            type: string
                                          values:
                                            description: An array of string values.
                                              If the operator is In or NotIn, the
                                              values array must be non-empty. If the
                                              operator is Exists or DoesNotExist,
                                              the values array must be empty. If the
                                              operator is Gt or Lt, the values array
                                              must have a single element, which will
                                              be interpreted as an integer. This array
                                              is replaced during a strategic merge
                                              patch.
                                            items:
                                              type: string
                                            type: array
                                        required:
                                        - key
                                        - operator
                                        type: object
                                      type: array
                                  type: object
                                type: array
                            required:
                            - nodeSelectorTerms
                            type: object
                        type: object
                      podAffinity:
                        description: Describes pod affinity scheduling rules (e.g.
                          co-locate this pod in the same node, zone, etc. as some
                          other pod(s)).
                        properties:
                          preferredDuringSchedulingIgnoredDuringExecution:
                            description: The scheduler will prefer to schedule pods
                              to nodes that satisfy the affinity expressions specified
                              by this field, but it may choose a node that violates
                              one or more of the expressions. The node that is most
                              preferred is the one with the greatest sum of weights,
                              i.e. for each node that meets all of the scheduling
                              requirements (resource request, requiredDuringScheduling
                              affinity expressions, etc.), compute a sum by iterating
                              through the elements of this field and adding "weight"
                              to the sum if the node has pods which matches the corresponding
                              podAffinityTerm; the node(s) with the highest sum are
                              the most preferred.
                            items:
                              description: The weights of all of the matched WeightedPodAffinityTerm
                                fields are added per-node to find the most preferred
                                node(s)
                              properties:
                                podAffinityTerm:
                                  description: Required. A pod affinity term, associated
                                    with the corresponding weight.
                                  properties:
                                    labelSelector:
                                      description: A label query over a set of resources,
                                        in this case pods.
                                      properties:
                                        matchExpressions:
                                          description: matchExpressions is a list
                                            of label selector requirements. The requirements
                                            are ANDed.
                                          items:
                                            description: A label selector requirement
                                              is a selector that contains values,
                                              a key, and an operator that relates
                                              the key and values.
                                            properties:
                                              key:
                                                description: key is the label key
                                                  that the selector applies to.
                                                type: string
                                              operator:
                                                description: operator represents a
                                                  key's relationship to a set of values.
                                                  Valid operators are In, NotIn, Exists
                                                  and DoesNotExist.
                                                type: string
                                              values:
                                                description: values is an array of
                                                  string values. If the operator is
                                                  In or NotIn, the values array must
                                                  be non-empty. If the operator is
                                                  Exists or DoesNotExist, the values
                                                  array must be empty. This array
                                                  is replaced during a strategic merge
                                                  patch.
                                                items:
                                                  type: string
                                                type: array
                                            required:
                                            - key
                                            - operator
                                            type: object
                                          type: array
                                        matchLabels:
                                          additionalProperties:
                                            type: string
                                          description: matchLabels is a map of {key,value}
                                            pairs. A single {key,value} in the matchLabels
                                            map is equivalent to an element of matchExpressions,
                                            whose key field is "key", the operator
                                            is "In", and the values array contains
                                            only "value". The requirements are ANDed.
                                          type: object
                                      type: object
                                    namespaceSelector:
                                      description: A label query over the set of namespaces
                                        that the term applies to. The term is applied
                                        to the union of the namespaces selected by
                                        this field and the ones listed in the namespaces
                                        field. null selector and null or empty namespaces
                                        list means "this pod's namespace". An empty
                                        selector ({}) matches all namespaces.
                                      properties:
                                        matchExpressions:
                                          description: matchExpressions is a list
                                            of label selector requirements. The requirements
                                            are ANDed.
                                          items:
                                            description: A label selector requirement
                                              is a selector that contains values,
                                              a key, and an operator that relates
                                              the key and values.
                                            properties:
                                              key:
                                                description: key is the label key
                                                  that the selector applies to.
                                                type: string
                                              operator:
                                                description: operator represents a
                                                  key's relationship to a set of values.
                                                  Valid operators are In, NotIn, Exists
                                                  and DoesNotExist.
                                                type: string
                                              values:
                                                description: values is an array of
                                                  string values. If the operator is
                                                  In or NotIn, the values array must
                                                  be non-empty. If the operator is
                                                  Exists or DoesNotExist, the values
                                                  array must be empty. This array
                                                  is replaced during a strategic merge
                                                  patch.
                                                items:
                                                  type: string
                                                type: array
                                            required:
                                            - key
                                            - operator
                                            type: object
                                          type: array
                                        matchLabels:
                                          additionalProperties:
                                            type: string
                                          description: matchLabels is a map of {key,value}
                                            pairs. A single {key,value} in the matchLabels
                                            map is equivalent to an element of matchExpressions,
                                            whose key field is "key", the operator
                                            is "In", and the values array contains
                                            only "value". The requirements are ANDed.
                                          type: object
                                      type: object
                                    namespaces:
                                      description: namespaces specifies a static list
                                        of namespace names that the term applies to.
                                        The term is applied to the union of the namespaces
                                        listed in this field and the ones selected
                                        by namespaceSelector. null or empty namespaces
                                        list and null namespaceSelector means "this
                                        pod's namespace".
                                      items:
                                        type: string
                                      type: array
                                    topologyKey:
                                      description: This pod should be co-located (affinity)
                                        or not co-located (anti-affinity) with the
                                        pods matching the labelSelector in the specified
                                        namespaces, where co-located is defined as
                                        running on a node whose value of the label
                                        with key topologyKey matches that of any node
                                        on which any of the selected pods is running.
                                        Empty topologyKey is not allowed.
                                      type: string
                                  required:
                                  - topologyKey
                                  type: object
                                weight:
                                  description: weight associated with matching the
                                    corresponding podAffinityTerm, in the range 1-100.
                                  format: int32
                                  type: integer
                              required:
                              - podAffinityTerm
                              - weight
                              type: object
                            type: array
                          requiredDuringSchedulingIgnoredDuringExecution:
                            description: If the affinity requirements specified by
                              this field are not met at scheduling time, the pod will
                              not be scheduled onto the node. If the affinity requirements
                              specified by this field cease to be met at some point
                              during pod execution (e.g. due to a pod label update),
                              the system may or may not try to eventually evict the
                              pod from its node. When there are multiple elements,
                              the lists of nodes corresponding to each podAffinityTerm
                              are intersected, i.e. all terms must be satisfied.
                            items:
                              description: Defines a set of pods (namely those matching
                                the labelSelector relative to the given namespace(s))
                                that this pod should be co-located (affinity) or not
                                co-located (anti-affinity) with, where co-located
                                is defined as running on a node whose value of the
                                label with key <topologyKey> matches that of any node
                                on which a pod of the set of pods is running
                              properties:
                                labelSelector:
                                  description: A label query over a set of resources,
                                    in this case pods.
                                  properties:
                                    matchExpressions:
                                      description: matchExpressions is a list of label
                                        selector requirements. The requirements are
                                        ANDed.
                                      items:
                                        description: A label selector requirement
                                          is a selector that contains values, a key,
                                          and an operator that relates the key and
                                          values.
                                        properties:
                                          key:
                                            description: key is the label key that
                                              the selector applies to.
                                            type: string
                                          operator:
                                            description: operator represents a key's
                                              relationship to a set of values. Valid
                                              operators are In, NotIn, Exists and
                                              DoesNotExist.
                                            type: string
                                          values:
                                            description: values is an array of string
                                              values. If the operator is In or NotIn,
                                              the values array must be non-empty.
                                              If the operator is Exists or DoesNotExist,
                                              the values array must be empty. This
                                              array is replaced during a strategic
                                              merge patch.
                                            items:
                                              type: string
                                            type: array
                                        required:
                                        - key
                                        - operator
                                        type: object
                                      type: array
                                    matchLabels:
                                      additionalProperties:
                                        type: string
                                      description: matchLabels is a map of {key,value}
                                        pairs. A single {key,value} in the matchLabels
                                        map is equivalent to an element of matchExpressions,
                                        whose key field is "key", the operator is
                                        "In", and the values array contains only "value".
                                        The requirements are ANDed.
                                      type: object
                                  type: object
                                namespaceSelector:
                                  description: A label query over the set of namespaces
                                    that the term applies to. The term is applied
                                    to the union of the namespaces selected by this
                                    field and the ones listed in the namespaces field.
                                    null selector and null or empty namespaces list
                                    means "this pod's namespace". An empty selector
                                    ({}) matches all namespaces.
                                  properties:
                                    matchExpressions:
                                      description: matchExpressions is a list of label
                                        selector requirements. The requirements are
                                        ANDed.
                                      items:
                                        description: A label selector requirement
                                          is a selector that contains values, a key,
                                          and an operator that relates the key and
                                          values.
                                        properties:
                                          key:
                                            description: key is the label key that
                                              the selector applies to.
                                            type: string
                                          operator:
                                            description: operator represents a key's
                                              relationship to a set of values. Valid
                                              operators are In, NotIn, Exists and
                                              DoesNotExist.
                                            type: string
                                          values:
                                            description: values is an array of string
                                              values. If the operator is In or NotIn,
                                              the values array must be non-empty.
                                              If the operator is Exists or DoesNotExist,
                                              the values array must be empty. This
                                              array is replaced during a strategic
                                              merge patch.
                                            items:
                                              type: string
                                            type: array
                                        required:
                                        - key
                                        - operator
                                        type: object
                                      type: array
                                    matchLabels:
                                      additionalProperties:
                                        type: string
                                      description: matchLabels is a map of {key,value}
                                        pairs. A single {key,value} in the matchLabels
                                        map is equivalent to an element of matchExpressions,
                                        whose key field is "key", the operator is
                                        "In", and the values array contains only "value".
                                        The requirements are ANDed.
                                      type: object
                                  type: object
                                namespaces:
                                  description: namespaces specifies a static list
                                    of namespace names that the term applies to. The
                                    term is applied to the union of the namespaces
                                    listed in this field and the ones selected by
                                    namespaceSelector. null or empty namespaces list
                                    and null namespaceSelector means "this pod's namespace".
                                  items:
                                    type: string
                                  type: array
                                topologyKey:
                                  description: This pod should be co-located (affinity)
                                    or not co-located (anti-affinity) with the pods
                                    matching the labelSelector in the specified namespaces,
                                    where co-located is defined as running on a node
                                    whose value of the label with key topologyKey
                                    matches that of any node on which any of the selected
                                    pods is running. Empty topologyKey is not allowed.
                                  type: string
                              required:
                              - topologyKey
                              type: object
                            type: array
                        type: object
                      podAntiAffinity:
                        description: Describes pod anti-affinity scheduling rules
                          (e.g. avoid putting this pod in the same node, zone, etc.
                          as some other pod(s)).
                        properties:
                          preferredDuringSchedulingIgnoredDuringExecution:
                            description: The scheduler will prefer to schedule pods
                              to nodes that satisfy the anti-affinity expressions
                              specified by this field, but it may choose a node that
                              violates one or more of the expressions. The node that
                              is most preferred is the one with the greatest sum of
                              weights, i.e. for each node that meets all of the scheduling
                              requirements (resource request, requiredDuringScheduling
                              anti-affinity expressions, etc.), compute a sum by iterating
                              through the elements of this field and adding "weight"
                              to the sum if the node has pods which matches the corresponding
                              podAffinityTerm; the node(s) with the highest sum are
                              the most preferred.
                            items:
                              description: The weights of all of the matched WeightedPodAffinityTerm
                                fields are added per-node to find the most preferred
                                node(s)
                              properties:
                                podAffinityTerm:
                                  description: Required. A pod affinity term, associated
                                    with the corresponding weight.
                                  properties:
                                    labelSelector:
                                      description: A label query over a set of resources,
                                        in this case pods.
                                      properties:
                                        matchExpressions:
                                          description: matchExpressions is a list
                                            of label selector requirements. The requirements
                                            are ANDed.
                                          items:
                                            description: A label selector requirement
                                              is a selector that contains values,
                                              a key, and an operator that relates
                                              the key and values.
                                            properties:
                                              key:
                                                description: key is the label key
                                                  that the selector applies to.
                                                type: string
                                              operator:
                                                description: operator represents a
                                                  key's relationship to a set of values.
                                                  Valid operators are In, NotIn, Exists
                                                  and DoesNotExist.
                                                type: string
                                              values:
                                                description: values is an array of
                                                  string values. If the operator is
                                                  In or NotIn, the values array must
                                                  be non-empty. If the operator is
                                                  Exists or DoesNotExist, the values
                                                  array must be empty. This array
                                                  is replaced during a strategic merge
                                                  patch.
                                                items:
                                                  type: string
                                                type: array
                                            required:
                                            - key
                                            - operator
                                            type: object
                                          type: array
                                        matchLabels:
                                          additionalProperties:
                                            type: string
                                          description: matchLabels is a map of {key,value}
                                            pairs. A single {key,value} in the matchLabels
                                            map is equivalent to an element of matchExpressions,
                                            whose key field is "key", the operator
                                            is "In", and the values array contains
                                            only "value". The requirements are ANDed.
                                          type: object
                                      type: object
                                    namespaceSelector:
                                      description: A label query over the set of namespaces
                                        that the term applies to. The term is applied
                                        to the union of the namespaces selected by
                                        this field and the ones listed in the namespaces
                                        field. null selector and null or empty namespaces
                                        list means "this pod's namespace". An empty
                                        selector ({}) matches all namespaces.
                                      properties:
                                        matchExpressions:
                                          description: matchExpressions is a list
                                            of label selector requirements. The requirements
                                            are ANDed.
                                          items:
                                            description: A label selector requirement
                                              is a selector that contains values,
                                              a key, and an operator that relates
                                              the key and values.
                                            properties:
                                              key:
                                                description: key is the label key
                                                  that the selector applies to.
                                                type: string
                                              operator:
                                                description: operator represents a
                                                  key's relationship to a set of values.
                                                  Valid operators are In, NotIn, Exists
                                                  and DoesNotExist.
                                                type: string
                                              values:
                                                description: values is an array of
                                                  string values. If the operator is
                                                  In or NotIn, the values array must
                                                  be non-empty. If the operator is
                                                  Exists or DoesNotExist, the values
                                                  array must be empty. This array
                                                  is replaced during a strategic merge
                                                  patch.
                                                items:
                                                  type: string
                                                type: array
                                            required:
                                            - key
                                            - operator
                                            type: object
                                          type: array
                                        matchLabels:
                                          additionalProperties:
                                            type: string
                                          description: matchLabels is a map of {key,value}
                                            pairs. A single {key,value} in the matchLabels
                                            map is equivalent to an element of matchExpressions,
                                            whose key field is "key", the operator
                                            is "In", and the values array contains
                                            only "value". The requirements are ANDed.
                                          type: object
                                      type: object
                                    namespaces:
                                      description: namespaces specifies a static list
                                        of namespace names that the term applies to.
                                        The term is applied to the union of the namespaces
                                        listed in this field and the ones selected
                                        by namespaceSelector. null or empty namespaces
                                        list and null namespaceSelector means "this
                                        pod's namespace".
                                      items:
                                        type: string
                                      type: array
                                    topologyKey:
                                      description: This pod should be co-located (affinity)
                                        or not co-located (anti-affinity) with the
                                        pods matching the labelSelector in the specified
                                        namespaces, where co-located is defined as
                                        running on a node whose value of the label
                                        with key topologyKey matches that of any node
                                        on which any of the selected pods is running.
                                        Empty topologyKey is not allowed.
                                      type: string
                                  required:
                                  - topologyKey
                                  type: object
                                weight:
                                  description: weight associated with matching the
                                    corresponding podAffinityTerm, in the range 1-100.
                                  format: int32
                                  type: integer
                              required:
                              - podAffinityTerm
                              - weight
                              type: object
                            type: array
                          requiredDuringSchedulingIgnoredDuringExecution:
                            description: If the anti-affinity requirements specified
                              by this field are not met at scheduling time, the pod
                              will not be scheduled onto the node. If the anti-affinity
                              requirements specified by this field cease to be met
                              at some point during pod execution (e.g. due to a pod
                              label update), the system may or may not try to eventually
                              evict the pod from its node. When there are multiple
                              elements, the lists of nodes corresponding to each podAffinityTerm
                              are intersected, i.e. all terms must be satisfied.
                            items:
                              description: Defines a set of pods (namely those matching
                                the labelSelector relative to the given namespace(s))
                                that this pod should be co-located (affinity) or not
                                co-located (anti-affinity) with, where co-located
                                is defined as running on a node whose value of the
                                label with key <topologyKey> matches that of any node
                                on which a pod of the set of pods is running
                              properties:
                                labelSelector:
                                  description: A label query over a set of resources,
                                    in this case pods.
                                  properties:
                                    matchExpressions:
                                      description: matchExpressions is a list of label
                                        selector requirements. The requirements are
                                        ANDed.
                                      items:
                                        description: A label selector requirement
                                          is a selector that contains values, a key,
                                          and an operator that relates the key and
                                          values.
                                        properties:
                                          key:
                                            description: key is the label key that
                                              the selector applies to.
                                            type: string
                                          operator:
                                            description: operator represents a key's
                                              relationship to a set of values. Valid
                                              operators are In, NotIn, Exists and
                                              DoesNotExist.
                                            type: string
                                          values:
                                            description: values is an array of string
                                              values. If the operator is In or NotIn,
                                              the values array must be non-empty.
                                              If the operator is Exists or DoesNotExist,
                                              the values array must be empty. This
                                              array is replaced during a strategic
                                              merge patch.
                                            items:
                                              type: string
                                            type: array
                                        required:
                                        - key
                                        - operator
                                        type: object
                                      type: array
                                    matchLabels:
                                      additionalProperties:
                                        type: string
                                      description: matchLabels is a map of {key,value}
                                        pairs. A single {key,value} in the matchLabels
                                        map is equivalent to an element of matchExpressions,
                                        whose key field is "key", the operator is
                                        "In", and the values array contains only "value".
                                        The requirements are ANDed.
                                      type: object
                                  type: object
                                namespaceSelector:
                                  description: A label query over the set of namespaces
                                    that the term applies to. The term is applied
                                    to the union of the namespaces selected by this
                                    field and the ones listed in the namespaces field.
                                    null selector and null or empty namespaces list
                                    means "this pod's namespace". An empty selector
                                    ({}) matches all namespaces.
                                  properties:
                                    matchExpressions:
                                      description: matchExpressions is a list of label
                                        selector requirements. The requirements are
                                        ANDed.
                                      items:
                                        description: A label selector requirement
                                          is a selector that contains values, a key,
                                          and an operator that relates the key and
                                          values.
                                        properties:
                                          key:
                                            description: key is the label key that
                                              the selector applies to.
                                            type: string
                                          operator:
                                            description: operator represents a key's
                                              relationship to a set of values. Valid
                                              operators are In, NotIn, Exists and
                                              DoesNotExist.
                                            type: string
                                          values:
                                            description: values is an array of string
                                              values. If the operator is In or NotIn,
                                              the values array must be non-empty.
                                              If the operator is Exists or DoesNotExist,
                                              the values array must be empty. This
                                              array is replaced during a strategic
                                              merge patch.
                                            items:
                                              type: string
                                            type: array
                                        required:
                                        - key
                                        - operator
                                        type: object
                                      type: array
                                    matchLabels:
                                      additionalProperties:
                                        type: string
                                      description: matchLabels is a map of {key,value}
                                        pairs. A single {key,value} in the matchLabels
                                        map is equivalent to an element of matchExpressions,
                                        whose key field is "key", the operator is
                                        "In", and the values array contains only "value".
                                        The requirements are ANDed.
                                      type: object
                                  type: object
                                namespaces:
                                  description: namespaces specifies a static list
                                    of namespace names that the term applies to. The
                                    term is applied to the union of the namespaces
                                    listed in this field and the ones selected by
                                    namespaceSelector. null or empty namespaces list
                                    and null namespaceSelector means "this pod's namespace".
                                  items:
                                    type: string
                                  type: array
                                topologyKey:
                                  description: This pod should be co-located (affinity)
                                    or not co-located (anti-affinity) with the pods
                                    matching the labelSelector in the specified namespaces,
                                    where co-located is defined as running on a node
                                    whose value of the label with key topologyKey
                                    matches that of any node on which any of the selected
                                    pods is running. Empty topologyKey is not allowed.
                                  type: string
                              required:
                              - topologyKey
                              type: object
                            type: array
                        type: object
                    type: object
                  automountServiceAccountToken:
                    description: AutomountServiceAccountToken indicates whether a
                      service account token should be automatically mounted.
                    type: boolean
                  containers:
                    description: List of containers belonging to the pod. Containers
                      cannot currently be added or removed. There must be at least
                      one container in a Pod. Cannot be updated.
                    items:
                      description: A single application container that you want to
                        run within a pod.
                      properties:
                        args:
                          description: 'Arguments to the entrypoint. The container
                            image''s CMD is used if this is not provided. Variable
                            references $(VAR_NAME) are expanded using the container''s
                            environment. If a variable cannot be resolved, the reference
                            in the input string will be unchanged. Double $$ are reduced
                            to a single $, which allows for escaping the $(VAR_NAME)
                            syntax: i.e. "$$(VAR_NAME)" will produce the string literal
                            "$(VAR_NAME)". Escaped references will never be expanded,
                            regardless of whether the variable exists or not. Cannot
                            be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell'
                          items:
                            type: string
                          type: array
                        command:
                          description: 'Entrypoint array. Not executed within a shell.
                            The container image''s ENTRYPOINT is used if this is not
                            provided. Variable references $(VAR_NAME) are expanded
                            using the container''s environment. If a variable cannot
                            be resolved, the reference in the input string will be
                            unchanged. Double $$ are reduced to a single $, which
                            allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)"
                            will produce the string literal "$(VAR_NAME)". Escaped
                            references will never be expanded, regardless of whether
                            the variable exists or not. Cannot be updated. More info:
                            https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell'
                          items:
                            type: string
                          type: array
                        env:
                          description: List of environment variables to set in the
                            container. Cannot be updated.
                          items:
                            description: EnvVar represents an environment variable
                              present in a Container.
                            properties:
                              name:
                                description: Name of the environment variable. Must
                                  be a C_IDENTIFIER.
                                type: string
                              value:
                                description: 'Variable references $(VAR_NAME) are
                                  expanded using the previously defined environment
                                  variables in the container and any service environment
                                  variables. If a variable cannot be resolved, the
                                  reference in the input string will be unchanged.
                                  Double $$ are reduced to a single $, which allows
                                  for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)"
                                  will produce the string literal "$(VAR_NAME)". Escaped
                                  references will never be expanded, regardless of
                                  whether the variable exists or not. Defaults to
                                  "".'
                                type: string
                              valueFrom:
                                description: Source for the environment variable's
                                  value. Cannot be used if value is not empty.
                                properties:
                                  configMapKeyRef:
                                    description: Selects a key of a ConfigMap.
                                    properties:
                                      key:
                                        description: The key to select.
                                        type: string
                                      name:
                                        description: 'Name of the referent. More info:
                                          https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                          TODO: Add other useful fields. apiVersion,
                                          kind, uid?'
                                        type: string
                                      optional:
                                        description: Specify whether the ConfigMap
                                          or its key must be defined
                                        type: boolean
                                    required:
                                    - key
                                    type: object
                                  fieldRef:
                                    description: 'Selects a field of the pod: supports
                                      metadata.name, metadata.namespace, `metadata.labels[''<KEY>'']`,
                                      `metadata.annotations[''<KEY>'']`, spec.nodeName,
                                      spec.serviceAccountName, status.hostIP, status.podIP,
                                      status.podIPs.'
                                    properties:
                                      apiVersion:
                                        description: Version of the schema the FieldPath
                                          is written in terms of, defaults to "v1".
                                        type: string
                                      fieldPath:
                                        description: Path of the field to select in
                                          the specified API version.
                                        type: string
                                    required:
                                    - fieldPath
                                    type: object
                                  resourceFieldRef:
                                    description: 'Selects a resource of the container:
                                      only resources limits and requests (limits.cpu,
                                      limits.memory, limits.ephemeral-storage, requests.cpu,
                                      requests.memory and requests.ephemeral-storage)
                                      are currently supported.'
                                    properties:
                                      containerName:
                                        description: 'Container name: required for
                                          volumes, optional for env vars'
                                        type: string
                                      divisor:
                                        anyOf:
                                        - type: integer
                                        - type: string
                                        description: Specifies the output format of
                                          the exposed resources, defaults to "1"
                                        pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                                        x-kubernetes-int-or-string: true
                                      resource:
                                        description: 'Required: resource to select'
                                        type: string
                                    required:
                                    - resource
                                    type: object
                                  secretKeyRef:
                                    description: Selects a key of a secret in the
                                      pod's namespace
                                    properties:
                                      key:
                                        description: The key of the secret to select
                                          from.  Must be a valid secret key.
                                        type: string
                                      name:
                                        description: 'Name of the referent. More info:
                                          https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                          TODO: Add other useful fields. apiVersion,
                                          kind, uid?'
                                        type: string
                                      optional:
                                        description: Specify whether the Secret or
                                          its key must be defined
                                        type: boolean
                                    required:
                                    - key
                                    type: object
                                type: object
                            required:
                            - name
                            type: object
                          type: array
                        envFrom:
                          description: List of sources to populate environment variables
                            in the container. The keys defined within a source must
                            be a C_IDENTIFIER. All invalid keys will be reported as
                            an event when the container is starting. When a key exists
                            in multiple sources, the value associated with the last
                            source will take precedence. Values defined by an Env
                            with a duplicate key will take precedence. Cannot be updated.
                          items:
                            description: EnvFromSource represents the source of a
                              set of ConfigMaps
                            properties:
                              configMapRef:
                                description: The ConfigMap to select from
                                properties:
                                  name:
                                    description: 'Name of the referent. More info:
                                      https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                      TODO: Add other useful fields. apiVersion, kind,
                                      uid?'
                                    type: string
                                  optional:
                                    description: Specify whether the ConfigMap must
                                      be defined
                                    type: boolean
                                type: object
                              prefix:
                                description: An optional identifier to prepend to
                                  each key in the ConfigMap. Must be a C_IDENTIFIER.
                                type: string
                              secretRef:
                                description: The Secret to select from
                                properties:
                                  name:
                                    description: 'Name of the referent. More info:
                                      https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                      TODO: Add other useful fields. apiVersion, kind,
                                      uid?'
                                    type: string
                                  optional:
                                    description: Specify whether the Secret must be
                                      defined
                                    type: boolean
                                type: object
                            type: object
                          type: array
                        image:
                          description: 'Container image name. More info: https://kubernetes.io/docs/concepts/containers/images
                            This field is optional to allow higher level config management
                            to default or override container images in workload controllers
                            like Deployments and StatefulSets.'
                          type: string
                        imagePullPolicy:
                          description: 'Image pull policy. One of Always, Never, IfNotPresent.
                            Defaults to Always if :latest tag is specified, or IfNotPresent
                            otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images'
                          type: string
                        lifecycle:
                          description: Actions that the management system should take
                            in response to container lifecycle events. Cannot be updated.
                          properties:
                            postStart:
                              description: 'PostStart is called immediately after
                                a container is created. If the handler fails, the
                                container is terminated and restarted according to
                                its restart policy. Other management of the container
                                blocks until the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks'
                              properties:
                                exec:
                                  description: Exec specifies the action to take.
                                  properties:
                                    command:
                                      description: Command is the command line to
                                        execute inside the container, the working
                                        directory for the command  is root ('/') in
                                        the container's filesystem. The command is
                                        simply exec'd, it is not run inside a shell,
                                        so traditional shell instructions ('|', etc)
                                        won't work. To use a shell, you need to explicitly
                                        call out to that shell. Exit status of 0 is
                                        treated as live/healthy and non-zero is unhealthy.
                                      items:
                                        type: string
                                      type: array
                                  type: object
                                httpGet:
                                  description: HTTPGet specifies the http request
                                    to perform.
                                  properties:
                                    host:
                                      description: Host name to connect to, defaults
                                        to the pod IP. You probably want to set "Host"
                                        in httpHeaders instead.
                                      type: string
                                    httpHeaders:
                                      description: Custom headers to set in the request.
                                        HTTP allows repeated headers.
                                      items:
                                        description: HTTPHeader describes a custom
                                          header to be used in HTTP probes
                                        properties:
                                          name:
                                            description: The header field name
                                            type: string
                                          value:
                                            description: The header field value
                                            type: string
                                        required:
                                        - name
                                        - value
                                        type: object
                                      type: array
                                    path:
                                      description: Path to access on the HTTP server.
                                      type: string
                                    port:
                                      anyOf:
                                      - type: integer
                                      - type: string
                                      description: Name or number of the port to access
                                        on the container. Number must be in the range
                                        1 to 65535. Name must be an IANA_SVC_NAME.
                                      x-kubernetes-int-or-string: true
                                    scheme:
                                      description: Scheme to use for connecting to
                                        the host. Defaults to HTTP.
                                      type: string
                                  required:
                                  - port
                                  type: object
                                tcpSocket:
                                  description: Deprecated. TCPSocket is NOT supported
                                    as a LifecycleHandler and kept for the backward
                                    compatibility. There are no validation of this
                                    field and lifecycle hooks will fail in runtime
                                    when tcp handler is specified.
                                  properties:
                                    host:
                                      description: 'Optional: Host name to connect
                                        to, defaults to the pod IP.'
                                      type: string
                                    port:
                                      anyOf:
                                      - type: integer
                                      - type: string
                                      description: Number or name of the port to access
                                        on the container. Number must be in the range
                                        1 to 65535. Name must be an IANA_SVC_NAME.
                                      x-kubernetes-int-or-string: true
                                  required:
                                  - port
                                  type: object
                              type: object
                            preStop:
                              description: 'PreStop is called immediately before a
                                container is terminated due to an API request or management
                                event such as liveness/startup probe failure, preemption,
                                resource contention, etc. The handler is not called
                                if the container crashes or exits. The Pod''s termination
                                grace period countdown begins before the PreStop hook
                                is executed. Regardless of the outcome of the handler,
                                the container will eventually terminate within the
                                Pod''s termination grace period (unless delayed by
                                finalizers). Other management of the container blocks
                                until the hook completes or until the termination
                                grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks'
                              properties:
                                exec:
                                  description: Exec specifies the action to take.
                                  properties:
                                    command:
                                      description: Command is the command line to
                                        execute inside the container, the working
                                        directory for the command  is root ('/') in
                                        the container's filesystem. The command is
                                        simply exec'd, it is not run inside a shell,
                                        so traditional shell instructions ('|', etc)
                                        won't work. To use a shell, you need to explicitly
                                        call out to that shell. Exit status of 0 is
                                        treated as live/healthy and non-zero is unhealthy.
                                      items:
                                        type: string
                                      type: array
                                  type: object
                                httpGet:
                                  description: HTTPGet specifies the http request
                                    to perform.
                                  properties:
                                    host:
                                      description: Host name to connect to, defaults
                                        to the pod IP. You probably want to set "Host"
                                        in httpHeaders instead.
                                      type: string
                                    httpHeaders:
                                      description: Custom headers to set in the request.
                                        HTTP allows repeated headers.
                                      items:
                                        description: HTTPHeader describes a custom
                                          header to be used in HTTP probes
                                        properties:
                                          name:
                                            description: The header field name
                                            type: string
                                          value:
                                            description: The header field value
                                            type: string
                                        required:
                                        - name
                                        - value
                                        type: object
                                      type: array
                                    path:
                                      description: Path to access on the HTTP server.
                                      type: string
                                    port:
                                      anyOf:
                                      - type: integer
                                      - type: string
                                      description: Name or number of the port to access
                                        on the container. Number must be in the range
                                        1 to 65535. Name must be an IANA_SVC_NAME.
                                      x-kubernetes-int-or-string: true
                                    scheme:
                                      description: Scheme to use for connecting to
                                        the host. Defaults to HTTP.
                                      type: string
                                  required:
                                  - port
                                  type: object
                                tcpSocket:
                                  description: Deprecated. TCPSocket is NOT supported
                                    as a LifecycleHandler and kept for the backward
                                    compatibility. There are no validation of this
                                    field and lifecycle hooks will fail in runtime
                                    when tcp handler is specified.
                                  properties:
                                    host:
                                      description: 'Optional: Host name to connect
                                        to, defaults to the pod IP.'
                                      type: string
                                    port:
                                      anyOf:
                                      - type: integer
                                      - type: string
                                      description: Number or name of the port to access
                                        on the container. Number must be in the range
                                        1 to 65535. Name must be an IANA_SVC_NAME.
                                      x-kubernetes-int-or-string: true
                                  required:
                                  - port
                                  type: object
                              type: object
                          type: object
                        livenessProbe:
                          description: 'Periodic probe of container liveness. Container
                            will be restarted if the probe fails. Cannot be updated.
                            More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
                          properties:
                            exec:
                              description: Exec specifies the action to take.
                              properties:
                                command:
                                  description: Command is the command line to execute
                                    inside the container, the working directory for
                                    the command  is root ('/') in the container's
                                    filesystem. The command is simply exec'd, it is
                                    not run inside a shell, so traditional shell instructions
                                    ('|', etc) won't work. To use a shell, you need
                                    to explicitly call out to that shell. Exit status
                                    of 0 is treated as live/healthy and non-zero is
                                    unhealthy.
                                  items:
                                    type: string
                                  type: array
                              type: object
                            failureThreshold:
                              description: Minimum consecutive failures for the probe
                                to be considered failed after having succeeded. Defaults
                                to 3. Minimum value is 1.
                              format: int32
                              type: integer
                            grpc:
                              description: GRPC specifies an action involving a GRPC
                                port. This is a beta field and requires enabling GRPCContainerProbe
                                feature gate.
                              properties:
                                port:
                                  description: Port number of the gRPC service. Number
                                    must be in the range 1 to 65535.
                                  format: int32
                                  type: integer
                                service:
                                  description: "Service is the name of the service
                                    to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
                                    \n If this is not specified, the default behavior
                                    is defined by gRPC."
                                  type: string
                              required:
                              - port
                              type: object
                            httpGet:
                              description: HTTPGet specifies the http request to perform.
                              properties:
                                host:
                                  description: Host name to connect to, defaults to
                                    the pod IP. You probably want to set "Host" in
                                    httpHeaders instead.
                                  type: string
                                httpHeaders:
                                  description: Custom headers to set in the request.
                                    HTTP allows repeated headers.
                                  items:
                                    description: HTTPHeader describes a custom header
                                      to be used in HTTP probes
                                    properties:
                                      name:
                                        description: The header field name
                                        type: string
                                      value:
                                        description: The header field value
                                        type: string
                                    required:
                                    - name
                                    - value
                                    type: object
                                  type: array
                                path:
                                  description: Path to access on the HTTP server.
                                  type: string
                                port:
                                  anyOf:
                                  - type: integer
                                  - type: string
                                  description: Name or number of the port to access
                                    on the container. Number must be in the range
                                    1 to 65535. Name must be an IANA_SVC_NAME.
                                  x-kubernetes-int-or-string: true
                                scheme:
                                  description: Scheme to use for connecting to the
                                    host. Defaults to HTTP.
                                  type: string
                              required:
                              - port
                              type: object
                            initialDelaySeconds:
                              description: 'Number of seconds after the container
                                has started before liveness probes are initiated.
                                More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
                              format: int32
                              type: integer
                            periodSeconds:
                              description: How often (in seconds) to perform the probe.
                                Default to 10 seconds. Minimum value is 1.
                              format: int32
                              type: integer
                            successThreshold:
                              description: Minimum consecutive successes for the probe
                                to be considered successful after having failed. Defaults
                                to 1. Must be 1 for liveness and startup. Minimum
                                value is 1.
                              format: int32
                              type: integer
                            tcpSocket:
                              description: TCPSocket specifies an action involving
                                a TCP port.
                              properties:
                                host:
                                  description: 'Optional: Host name to connect to,
                                    defaults to the pod IP.'
                                  type: string
                                port:
                                  anyOf:
                                  - type: integer
                                  - type: string
                                  description: Number or name of the port to access
                                    on the container. Number must be in the range
                                    1 to 65535. Name must be an IANA_SVC_NAME.
                                  x-kubernetes-int-or-string: true
                              required:
                              - port
                              type: object
                            terminationGracePeriodSeconds:
                              description: Optional duration in seconds the pod needs
                                to terminate gracefully upon probe failure. The grace
                                period is the duration in seconds after the processes
                                running in the pod are sent a termination signal and
                                the time when the processes are forcibly halted with
                                a kill signal. Set this value longer than the expected
                                cleanup time for your process. If this value is nil,
                                the pod's terminationGracePeriodSeconds will be used.
                                Otherwise, this value overrides the value provided
                                by the pod spec. Value must be non-negative integer.
                                The value zero indicates stop immediately via the
                                kill signal (no opportunity to shut down). This is
                                a beta field and requires enabling ProbeTerminationGracePeriod
                                feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds
                                is used if unset.
                              format: int64
                              type: integer
                            timeoutSeconds:
                              description: 'Number of seconds after which the probe
                                times out. Defaults to 1 second. Minimum value is
                                1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
                              format: int32
                              type: integer
                          type: object
                        name:
                          description: Name of the container specified as a DNS_LABEL.
                            Each container in a pod must have a unique name (DNS_LABEL).
                            Cannot be updated.
                          type: string
                        ports:
                          description: List of ports to expose from the container.
                            Exposing a port here gives the system additional information
                            about the network connections a container uses, but is
                            primarily informational. Not specifying a port here DOES
                            NOT prevent that port from being exposed. Any port which
                            is listening on the default "0.0.0.0" address inside a
                            container will be accessible from the network. Cannot
                            be updated.
                          items:
                            description: ContainerPort represents a network port in
                              a single container.
                            properties:
                              containerPort:
                                description: Number of port to expose on the pod's
                                  IP address. This must be a valid port number, 0
                                  < x < 65536.
                                format: int32
                                type: integer
                              hostIP:
                                description: What host IP to bind the external port
                                  to.
                                type: string
                              hostPort:
                                description: Number of port to expose on the host.
                                  If specified, this must be a valid port number,
                                  0 < x < 65536. If HostNetwork is specified, this
                                  must match ContainerPort. Most containers do not
                                  need this.
                                format: int32
                                type: integer
                              name:
                                description: If specified, this must be an IANA_SVC_NAME
                                  and unique within the pod. Each named port in a
                                  pod must have a unique name. Name for the port that
                                  can be referred to by services.
                                type: string
                              protocol:
                                default: TCP
                                description: Protocol for port. Must be UDP, TCP,
                                  or SCTP. Defaults to "TCP".
                                type: string
                            required:
                            - containerPort
                            type: object
                          type: array
                          x-kubernetes-list-map-keys:
                          - containerPort
                          - protocol
                          x-kubernetes-list-type: map
                        readinessProbe:
                          description: 'Periodic probe of container service readiness.
                            Container will be removed from service endpoints if the
                            probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
                          properties:
                            exec:
                              description: Exec specifies the action to take.
                              properties:
                                command:
                                  description: Command is the command line to execute
                                    inside the container, the working directory for
                                    the command  is root ('/') in the container's
                                    filesystem. The command is simply exec'd, it is
                                    not run inside a shell, so traditional shell instructions
                                    ('|', etc) won't work. To use a shell, you need
                                    to explicitly call out to that shell. Exit status
                                    of 0 is treated as live/healthy and non-zero is
                                    unhealthy.
                                  items:
                                    type: string
                                  type: array
                              type: object
                            failureThreshold:
                              description: Minimum consecutive failures for the probe
                                to be considered failed after having succeeded. Defaults
                                to 3. Minimum value is 1.
                              format: int32
                              type: integer
                            grpc:
                              description: GRPC specifies an action involving a GRPC
                                port. This is a beta field and requires enabling GRPCContainerProbe
                                feature gate.
                              properties:
                                port:
                                  description: Port number of the gRPC service. Number
                                    must be in the range 1 to 65535.
                                  format: int32
                                  type: integer
                                service:
                                  description: "Service is the name of the service
                                    to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
                                    \n If this is not specified, the default behavior
                                    is defined by gRPC."
                                  type: string
                              required:
                              - port
                              type: object
                            httpGet:
                              description: HTTPGet specifies the http request to perform.
                              properties:
                                host:
                                  description: Host name to connect to, defaults to
                                    the pod IP. You probably want to set "Host" in
                                    httpHeaders instead.
                                  type: string
                                httpHeaders:
                                  description: Custom headers to set in the request.
                                    HTTP allows repeated headers.
                                  items:
                                    description: HTTPHeader describes a custom header
                                      to be used in HTTP probes
                                    properties:
                                      name:
                                        description: The header field name
                                        type: string
                                      value:
                                        description: The header field value
                                        type: string
                                    required:
                                    - name
                                    - value
                                    type: object
                                  type: array
                                path:
                                  description: Path to access on the HTTP server.
                                  type: string
                                port:
                                  anyOf:
                                  - type: integer
                                  - type: string
                                  description: Name or number of the port to access
                                    on the container. Number must be in the range
                                    1 to 65535. Name must be an IANA_SVC_NAME.
                                  x-kubernetes-int-or-string: true
                                scheme:
                                  description: Scheme to use for connecting to the
                                    host. Defaults to HTTP.
                                  type: string
                              required:
                              - port
                              type: object
                            initialDelaySeconds:
                              description: 'Number of seconds after the container
                                has started before liveness probes are initiated.
                                More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
                              format: int32
                              type: integer
                            periodSeconds:
                              description: How often (in seconds) to perform the probe.
                                Default to 10 seconds. Minimum value is 1.
                              format: int32
                              type: integer
                            successThreshold:
                              description: Minimum consecutive successes for the probe
                                to be considered successful after having failed. Defaults
                                to 1. Must be 1 for liveness and startup. Minimum
                                value is 1.
                              format: int32
                              type: integer
                            tcpSocket:
                              description: TCPSocket specifies an action involving
                                a TCP port.
                              properties:
                                host:
                                  description: 'Optional: Host name to connect to,
                                    defaults to the pod IP.'
                                  type: string
                                port:
                                  anyOf:
                                  - type: integer
                                  - type: string
                                  description: Number or name of the port to access
                                    on the container. Number must be in the range
                                    1 to 65535. Name must be an IANA_SVC_NAME.
                                  x-kubernetes-int-or-string: true
                              required:
                              - port
                              type: object
                            terminationGracePeriodSeconds:
                              description: Optional duration in seconds the pod needs
                                to terminate gracefully upon probe failure. The grace
                                period is the duration in seconds after the processes
                                running in the pod are sent a termination signal and
                                the time when the processes are forcibly halted with
                                a kill signal. Set this value longer than the expected
                                cleanup time for your process. If this value is nil,
                                the pod's terminationGracePeriodSeconds will be used.
                                Otherwise, this value overrides the value provided
                                by the pod spec. Value must be non-negative integer.
                                The value zero indicates stop immediately via the
                                kill signal (no opportunity to shut down). This is
                                a beta field and requires enabling ProbeTerminationGracePeriod
                                feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds
                                is used if unset.
                              format: int64
                              type: integer
                            timeoutSeconds:
                              description: 'Number of seconds after which the probe
                                times out. Defaults to 1 second. Minimum value is
                                1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
                              format: int32
                              type: integer
                          type: object
                        resources:
                          description: 'Compute Resources required by this container.
                            Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
                          properties:
                            limits:
                              additionalProperties:
                                anyOf:
                                - type: integer
                                - type: string
                                pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                                x-kubernetes-int-or-string: true
                              description: 'Limits describes the maximum amount of
                                compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
                              type: object
                            requests:
                              additionalProperties:
                                anyOf:
                                - type: integer
                                - type: string
                                pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                                x-kubernetes-int-or-string: true
                              description: 'Requests describes the minimum amount
                                of compute resources required. If Requests is omitted
                                for a container, it defaults to Limits if that is
                                explicitly specified, otherwise to an implementation-defined
                                value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
                              type: object
                          type: object
                        securityContext:
                          description: 'SecurityContext defines the security options
                            the container should be run with. If set, the fields of
                            SecurityContext override the equivalent fields of PodSecurityContext.
                            More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/'
                          properties:
                            allowPrivilegeEscalation:
                              description: 'AllowPrivilegeEscalation controls whether
                                a process can gain more privileges than its parent
                                process. This bool directly controls if the no_new_privs
                                flag will be set on the container process. AllowPrivilegeEscalation
                                is true always when the container is: 1) run as Privileged
                                2) has CAP_SYS_ADMIN Note that this field cannot be
                                set when spec.os.name is windows.'
                              type: boolean
                            capabilities:
                              description: The capabilities to add/drop when running
                                containers. Defaults to the default set of capabilities
                                granted by the container runtime. Note that this field
                                cannot be set when spec.os.name is windows.
                              properties:
                                add:
                                  description: Added capabilities
                                  items:
                                    description: Capability represent POSIX capabilities
                                      type
                                    type: string
                                  type: array
                                drop:
                                  description: Removed capabilities
                                  items:
                                    description: Capability represent POSIX capabilities
                                      type
                                    type: string
                                  type: array
                              type: object
                            privileged:
                              description: Run container in privileged mode. Processes
                                in privileged containers are essentially equivalent
                                to root on the host. Defaults to false. Note that
                                this field cannot be set when spec.os.name is windows.
                              type: boolean
                            procMount:
                              description: procMount denotes the type of proc mount
                                to use for the containers. The default is DefaultProcMount
                                which uses the container runtime defaults for readonly
                                paths and masked paths. This requires the ProcMountType
                                feature flag to be enabled. Note that this field cannot
                                be set when spec.os.name is windows.
                              type: string
                            readOnlyRootFilesystem:
                              description: Whether this container has a read-only
                                root filesystem. Default is false. Note that this
                                field cannot be set when spec.os.name is windows.
                              type: boolean
                            runAsGroup:
                              description: The GID to run the entrypoint of the container
                                process. Uses runtime default if unset. May also be
                                set in PodSecurityContext.  If set in both SecurityContext
                                and PodSecurityContext, the value specified in SecurityContext
                                takes precedence. Note that this field cannot be set
                                when spec.os.name is windows.
                              format: int64
                              type: integer
                            runAsNonRoot:
                              description: Indicates that the container must run as
                                a non-root user. If true, the Kubelet will validate
                                the image at runtime to ensure that it does not run
                                as UID 0 (root) and fail to start the container if
                                it does. If unset or false, no such validation will
                                be performed. May also be set in PodSecurityContext.  If
                                set in both SecurityContext and PodSecurityContext,
                                the value specified in SecurityContext takes precedence.
                              type: boolean
                            runAsUser:
                              description: The UID to run the entrypoint of the container
                                process. Defaults to user specified in image metadata
                                if unspecified. May also be set in PodSecurityContext.  If
                                set in both SecurityContext and PodSecurityContext,
                                the value specified in SecurityContext takes precedence.
                                Note that this field cannot be set when spec.os.name
                                is windows.
                              format: int64
                              type: integer
                            seLinuxOptions:
                              description: The SELinux context to be applied to the
                                container. If unspecified, the container runtime will
                                allocate a random SELinux context for each container.  May
                                also be set in PodSecurityContext.  If set in both
                                SecurityContext and PodSecurityContext, the value
                                specified in SecurityContext takes precedence. Note
                                that this field cannot be set when spec.os.name is
                                windows.
                              properties:
                                level:
                                  description: Level is SELinux level label that applies
                                    to the container.
                                  type: string
                                role:
                                  description: Role is a SELinux role label that applies
                                    to the container.
                                  type: string
                                type:
                                  description: Type is a SELinux type label that applies
                                    to the container.
                                  type: string
                                user:
                                  description: User is a SELinux user label that applies
                                    to the container.
                                  type: string
                              type: object
                            seccompProfile:
                              description: The seccomp options to use by this container.
                                If seccomp options are provided at both the pod &
                                container level, the container options override the
                                pod options. Note that this field cannot be set when
                                spec.os.name is windows.
                              properties:
                                localhostProfile:
                                  description: localhostProfile indicates a profile
                                    defined in a file on the node should be used.
                                    The profile must be preconfigured on the node
                                    to work. Must be a descending path, relative to
                                    the kubelet's configured seccomp profile location.
                                    Must only be set if type is "Localhost".
                                  type: string
                                type:
                                  description: "type indicates which kind of seccomp
                                    profile will be applied. Valid options are: \n
                                    Localhost - a profile defined in a file on the
                                    node should be used. RuntimeDefault - the container
                                    runtime default profile should be used. Unconfined
                                    - no profile should be applied."
                                  type: string
                              required:
                              - type
                              type: object
                            windowsOptions:
                              description: The Windows specific settings applied to
                                all containers. If unspecified, the options from the
                                PodSecurityContext will be used. If set in both SecurityContext
                                and PodSecurityContext, the value specified in SecurityContext
                                takes precedence. Note that this field cannot be set
                                when spec.os.name is linux.
                              properties:
                                gmsaCredentialSpec:
                                  description: GMSACredentialSpec is where the GMSA
                                    admission webhook (https://github.com/kubernetes-sigs/windows-gmsa)
                                    inlines the contents of the GMSA credential spec
                                    named by the GMSACredentialSpecName field.
                                  type: string
                                gmsaCredentialSpecName:
                                  description: GMSACredentialSpecName is the name
                                    of the GMSA credential spec to use.
                                  type: string
                                hostProcess:
                                  description: HostProcess determines if a container
                                    should be run as a 'Host Process' container. This
                                    field is alpha-level and will only be honored
                                    by components that enable the WindowsHostProcessContainers
                                    feature flag. Setting this field without the feature
                                    flag will result in errors when validating the
                                    Pod. All of a Pod's containers must have the same
                                    effective HostProcess value (it is not allowed
                                    to have a mix of HostProcess containers and non-HostProcess
                                    containers).  In addition, if HostProcess is true
                                    then HostNetwork must also be set to true.
                                  type: boolean
                                runAsUserName:
                                  description: The UserName in Windows to run the
                                    entrypoint of the container process. Defaults
                                    to the user specified in image metadata if unspecified.
                                    May also be set in PodSecurityContext. If set
                                    in both SecurityContext and PodSecurityContext,
                                    the value specified in SecurityContext takes precedence.
                                  type: string
                              type: object
                          type: object
                        startupProbe:
                          description: 'StartupProbe indicates that the Pod has successfully
                            initialized. If specified, no other probes are executed
                            until this completes successfully. If this probe fails,
                            the Pod will be restarted, just as if the livenessProbe
                            failed. This can be used to provide different probe parameters
                            at the beginning of a Pod''s lifecycle, when it might
                            take a long time to load data or warm a cache, than during
                            steady-state operation. This cannot be updated. More info:
                            https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
                          properties:
                            exec:
                              description: Exec specifies the action to take.
                              properties:
                                command:
                                  description: Command is the command line to execute
                                    inside the container, the working directory for
                                    the command  is root ('/') in the container's
                                    filesystem. The command is simply exec'd, it is
                                    not run inside a shell, so traditional shell instructions
                                    ('|', etc) won't work. To use a shell, you need
                                    to explicitly call out to that shell. Exit status
                                    of 0 is treated as live/healthy and non-zero is
                                    unhealthy.
                                  items:
                                    type: string
                                  type: array
                              type: object
                            failureThreshold:
                              description: Minimum consecutive failures for the probe
                                to be considered failed after having succeeded. Defaults
                                to 3. Minimum value is 1.
                              format: int32
                              type: integer
                            grpc:
                              description: GRPC specifies an action involving a GRPC
                                port. This is a beta field and requires enabling GRPCContainerProbe
                                feature gate.
                              properties:
                                port:
                                  description: Port number of the gRPC service. Number
                                    must be in the range 1 to 65535.
                                  format: int32
                                  type: integer
                                service:
                                  description: "Service is the name of the service
                                    to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
                                    \n If this is not specified, the default behavior
                                    is defined by gRPC."
                                  type: string
                              required:
                              - port
                              type: object
                            httpGet:
                              description: HTTPGet specifies the http request to perform.
                              properties:
                                host:
                                  description: Host name to connect to, defaults to
                                    the pod IP. You probably want to set "Host" in
                                    httpHeaders instead.
                                  type: string
                                httpHeaders:
                                  description: Custom headers to set in the request.
                                    HTTP allows repeated headers.
                                  items:
                                    description: HTTPHeader describes a custom header
                                      to be used in HTTP probes
                                    properties:
                                      name:
                                        description: The header field name
                                        type: string
                                      value:
                                        description: The header field value
                                        type: string
                                    required:
                                    - name
                                    - value
                                    type: object
                                  type: array
                                path:
                                  description: Path to access on the HTTP server.
                                  type: string
                                port:
                                  anyOf:
                                  - type: integer
                                  - type: string
                                  description: Name or number of the port to access
                                    on the container. Number must be in the range
                                    1 to 65535. Name must be an IANA_SVC_NAME.
                                  x-kubernetes-int-or-string: true
                                scheme:
                                  description: Scheme to use for connecting to the
                                    host. Defaults to HTTP.
                                  type: string
                              required:
                              - port
                              type: object
                            initialDelaySeconds:
                              description: 'Number of seconds after the container
                                has started before liveness probes are initiated.
                                More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
                              format: int32
                              type: integer
                            periodSeconds:
                              description: How often (in seconds) to perform the probe.
                                Default to 10 seconds. Minimum value is 1.
                              format: int32
                              type: integer
                            successThreshold:
                              description: Minimum consecutive successes for the probe
                                to be considered successful after having failed. Defaults
                                to 1. Must be 1 for liveness and startup. Minimum
                                value is 1.
                              format: int32
                              type: integer
                            tcpSocket:
                              description: TCPSocket specifies an action involving
                                a TCP port.
                              properties:
                                host:
                                  description: 'Optional: Host name to connect to,
                                    defaults to the pod IP.'
                                  type: string
                                port:
                                  anyOf:
                                  - type: integer
                                  - type: string
                                  description: Number or name of the port to access
                                    on the container. Number must be in the range
                                    1 to 65535. Name must be an IANA_SVC_NAME.
                                  x-kubernetes-int-or-string: true
                              required:
                              - port
                              type: object
                            terminationGracePeriodSeconds:
                              description: Optional duration in seconds the pod needs
                                to terminate gracefully upon probe failure. The grace
                                period is the duration in seconds after the processes
                                running in the pod are sent a termination signal and
                                the time when the processes are forcibly halted with
                                a kill signal. Set this value longer than the expected
                                cleanup time for your process. If this value is nil,
                                the pod's terminationGracePeriodSeconds will be used.
                                Otherwise, this value overrides the value provided
                                by the pod spec. Value must be non-negative integer.
                                The value zero indicates stop immediately via the
                                kill signal (no opportunity to shut down). This is
                                a beta field and requires enabling ProbeTerminationGracePeriod
                                feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds
                                is used if unset.
                              format: int64
                              type: integer
                            timeoutSeconds:
                              description: 'Number of seconds after which the probe
                                times out. Defaults to 1 second. Minimum value is
                                1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
                              format: int32
                              type: integer
                          type: object
                        stdin:
                          description: Whether this container should allocate a buffer
                            for stdin in the container runtime. If this is not set,
                            reads from stdin in the container will always result in
                            EOF. Default is false.
                          type: boolean
                        stdinOnce:
                          description: Whether the container runtime should close
                            the stdin channel after it has been opened by a single
                            attach. When stdin is true the stdin stream will remain
                            open across multiple attach sessions. If stdinOnce is
                            set to true, stdin is opened on container start, is empty
                            until the first client attaches to stdin, and then remains
                            open and accepts data until the client disconnects, at
                            which time stdin is closed and remains closed until the
                            container is restarted. If this flag is false, a container
                            processes that reads from stdin will never receive an
                            EOF. Default is false
                          type: boolean
                        terminationMessagePath:
                          description: 'Optional: Path at which the file to which
                            the container''s termination message will be written is
                            mounted into the container''s filesystem. Message written
                            is intended to be brief final status, such as an assertion
                            failure message. Will be truncated by the node if greater
                            than 4096 bytes. The total message length across all containers
                            will be limited to 12kb. Defaults to /dev/termination-log.
                            Cannot be updated.'
                          type: string
                        terminationMessagePolicy:
                          description: Indicate how the termination message should
                            be populated. File will use the contents of terminationMessagePath
                            to populate the container status message on both success
                            and failure. FallbackToLogsOnError will use the last chunk
                            of container log output if the termination message file
                            is empty and the container exited with an error. The log
                            output is limited to 2048 bytes or 80 lines, whichever
                            is smaller. Defaults to File. Cannot be updated.
                          type: string
                        tty:
                          description: Whether this container should allocate a TTY
                            for itself, also requires 'stdin' to be true. Default
                            is false.
                          type: boolean
                        volumeDevices:
                          description: volumeDevices is the list of block devices
                            to be used by the container.
                          items:
                            description: volumeDevice describes a mapping of a raw
                              block device within a container.
                            properties:
                              devicePath:
                                description: devicePath is the path inside of the
                                  container that the device will be mapped to.
                                type: string
                              name:
                                description: name must match the name of a persistentVolumeClaim
                                  in the pod
                                type: string
                            required:
                            - devicePath
                            - name
                            type: object
                          type: array
                        volumeMounts:
                          description: Pod volumes to mount into the container's filesystem.
                            Cannot be updated.
                          items:
                            description: VolumeMount describes a mounting of a Volume
                              within a container.
                            properties:
                              mountPath:
                                description: Path within the container at which the
                                  volume should be mounted.  Must not contain ':'.
                                type: string
                              mountPropagation:
                                description: mountPropagation determines how mounts
                                  are propagated from the host to container and the
                                  other way around. When not set, MountPropagationNone
                                  is used. This field is beta in 1.10.
                                type: string
                              name:
                                description: This must match the Name of a Volume.
                                type: string
                              readOnly:
                                description: Mounted read-only if true, read-write
                                  otherwise (false or unspecified). Defaults to false.
                                type: boolean
                              subPath:
                                description: Path within the volume from which the
                                  container's volume should be mounted. Defaults to
                                  "" (volume's root).
                                type: string
                              subPathExpr:
                                description: Expanded path within the volume from
                                  which the container's volume should be mounted.
                                  Behaves similarly to SubPath but environment variable
                                  references $(VAR_NAME) are expanded using the container's
                                  environment. Defaults to "" (volume's root). SubPathExpr
                                  and SubPath are mutually exclusive.
                                type: string
                            required:
                            - mountPath
                            - name
                            type: object
                          type: array
                        workingDir:
                          description: Container's working directory. If not specified,
                            the container runtime's default will be used, which might
                            be configured in the container image. Cannot be updated.
                          type: string
                      required:
                      - name
                      type: object
                    type: array
                  dnsConfig:
                    description: Specifies the DNS parameters of a pod. Parameters
                      specified here will be merged to the generated DNS configuration
                      based on DNSPolicy.
                    properties:
                      nameservers:
                        description: A list of DNS name server IP addresses. This
                          will be appended to the base nameservers generated from
                          DNSPolicy. Duplicated nameservers will be removed.
                        items:
                          type: string
                        type: array
                      options:
                        description: A list of DNS resolver options. This will be
                          merged with the base options generated from DNSPolicy. Duplicated
                          entries will be removed. Resolution options given in Options
                          will override those that appear in the base DNSPolicy.
                        items:
                          description: PodDNSConfigOption defines DNS resolver options
                            of a pod.
                          properties:
                            name:
                              description: Required.
                              type: string
                            value:
                              type: string
                          type: object
                        type: array
                      searches:
                        description: A list of DNS search domains for host-name lookup.
                          This will be appended to the base search paths generated
                          from DNSPolicy. Duplicated search paths will be removed.
                        items:
                          type: string
                        type: array
                    type: object
                  dnsPolicy:
                    description: Set DNS policy for the pod. Defaults to "ClusterFirst".
                      Valid values are 'ClusterFirstWithHostNet', 'ClusterFirst',
                      'Default' or 'None'. DNS parameters given in DNSConfig will
                      be merged with the policy selected with DNSPolicy. To have DNS
                      options set along with hostNetwork, you have to specify DNS
                      policy explicitly to 'ClusterFirstWithHostNet'.
                    type: string
                  enableServiceLinks:
                    description: 'EnableServiceLinks indicates whether information
                      about services should be injected into pod''s environment variables,
                      matching the syntax of Docker links. Optional: Defaults to true.'
                    type: boolean
                  ephemeralContainers:
                    description: List of ephemeral containers run in this pod. Ephemeral
                      containers may be run in an existing pod to perform user-initiated
                      actions such as debugging. This list cannot be specified when
                      creating a pod, and it cannot be modified by updating the pod
                      spec. In order to add an ephemeral container to an existing
                      pod, use the pod's ephemeralcontainers subresource. This field
                      is beta-level and available on clusters that haven't disabled
                      the EphemeralContainers feature gate.
                    items:
                      description: "An EphemeralContainer is a temporary container
                        that you may add to an existing Pod for user-initiated activities
                        such as debugging. Ephemeral containers have no resource or
                        scheduling guarantees, and they will not be restarted when
                        they exit or when a Pod is removed or restarted. The kubelet
                        may evict a Pod if an ephemeral container causes the Pod to
                        exceed its resource allocation. \n To add an ephemeral container,
                        use the ephemeralcontainers subresource of an existing Pod.
                        Ephemeral containers may not be removed or restarted. \n This
                        is a beta feature available on clusters that haven't disabled
                        the EphemeralContainers feature gate."
                      properties:
                        args:
                          description: 'Arguments to the entrypoint. The image''s
                            CMD is used if this is not provided. Variable references
                            $(VAR_NAME) are expanded using the container''s environment.
                            If a variable cannot be resolved, the reference in the
                            input string will be unchanged. Double $$ are reduced
                            to a single $, which allows for escaping the $(VAR_NAME)
                            syntax: i.e. "$$(VAR_NAME)" will produce the string literal
                            "$(VAR_NAME)". Escaped references will never be expanded,
                            regardless of whether the variable exists or not. Cannot
                            be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell'
                          items:
                            type: string
                          type: array
                        command:
                          description: 'Entrypoint array. Not executed within a shell.
                            The image''s ENTRYPOINT is used if this is not provided.
                            Variable references $(VAR_NAME) are expanded using the
                            container''s environment. If a variable cannot be resolved,
                            the reference in the input string will be unchanged. Double
                            $$ are reduced to a single $, which allows for escaping
                            the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce
                            the string literal "$(VAR_NAME)". Escaped references will
                            never be expanded, regardless of whether the variable
                            exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell'
                          items:
                            type: string
                          type: array
                        env:
                          description: List of environment variables to set in the
                            container. Cannot be updated.
                          items:
                            description: EnvVar represents an environment variable
                              present in a Container.
                            properties:
                              name:
                                description: Name of the environment variable. Must
                                  be a C_IDENTIFIER.
                                type: string
                              value:
                                description: 'Variable references $(VAR_NAME) are
                                  expanded using the previously defined environment
                                  variables in the container and any service environment
                                  variables. If a variable cannot be resolved, the
                                  reference in the input string will be unchanged.
                                  Double $$ are reduced to a single $, which allows
                                  for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)"
                                  will produce the string literal "$(VAR_NAME)". Escaped
                                  references will never be expanded, regardless of
                                  whether the variable exists or not. Defaults to
                                  "".'
                                type: string
                              valueFrom:
                                description: Source for the environment variable's
                                  value. Cannot be used if value is not empty.
                                properties:
                                  configMapKeyRef:
                                    description: Selects a key of a ConfigMap.
                                    properties:
                                      key:
                                        description: The key to select.
                                        type: string
                                      name:
                                        description: 'Name of the referent. More info:
                                          https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                          TODO: Add other useful fields. apiVersion,
                                          kind, uid?'
                                        type: string
                                      optional:
                                        description: Specify whether the ConfigMap
                                          or its key must be defined
                                        type: boolean
                                    required:
                                    - key
                                    type: object
                                  fieldRef:
                                    description: 'Selects a field of the pod: supports
                                      metadata.name, metadata.namespace, `metadata.labels[''<KEY>'']`,
                                      `metadata.annotations[''<KEY>'']`, spec.nodeName,
                                      spec.serviceAccountName, status.hostIP, status.podIP,
                                      status.podIPs.'
                                    properties:
                                      apiVersion:
                                        description: Version of the schema the FieldPath
                                          is written in terms of, defaults to "v1".
                                        type: string
                                      fieldPath:
                                        description: Path of the field to select in
                                          the specified API version.
                                        type: string
                                    required:
                                    - fieldPath
                                    type: object
                                  resourceFieldRef:
                                    description: 'Selects a resource of the container:
                                      only resources limits and requests (limits.cpu,
                                      limits.memory, limits.ephemeral-storage, requests.cpu,
                                      requests.memory and requests.ephemeral-storage)
                                      are currently supported.'
                                    properties:
                                      containerName:
                                        description: 'Container name: required for
                                          volumes, optional for env vars'
                                        type: string
                                      divisor:
                                        anyOf:
                                        - type: integer
                                        - type: string
                                        description: Specifies the output format of
                                          the exposed resources, defaults to "1"
                                        pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                                        x-kubernetes-int-or-string: true
                                      resource:
                                        description: 'Required: resource to select'
                                        type: string
                                    required:
                                    - resource
                                    type: object
                                  secretKeyRef:
                                    description: Selects a key of a secret in the
                                      pod's namespace
                                    properties:
                                      key:
                                        description: The key of the secret to select
                                          from.  Must be a valid secret key.
                                        type: string
                                      name:
                                        description: 'Name of the referent. More info:
                                          https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                          TODO: Add other useful fields. apiVersion,
                                          kind, uid?'
                                        type: string
                                      optional:
                                        description: Specify whether the Secret or
                                          its key must be defined
                                        type: boolean
                                    required:
                                    - key
                                    type: object
                                type: object
                            required:
                            - name
                            type: object
                          type: array
                        envFrom:
                          description: List of sources to populate environment variables
                            in the container. The keys defined within a source must
                            be a C_IDENTIFIER. All invalid keys will be reported as
                            an event when the container is starting. When a key exists
                            in multiple sources, the value associated with the last
                            source will take precedence. Values defined by an Env
                            with a duplicate key will take precedence. Cannot be updated.
                          items:
                            description: EnvFromSource represents the source of a
                              set of ConfigMaps
                            properties:
                              configMapRef:
                                description: The ConfigMap to select from
                                properties:
                                  name:
                                    description: 'Name of the referent. More info:
                                      https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                      TODO: Add other useful fields. apiVersion, kind,
                                      uid?'
                                    type: string
                                  optional:
                                    description: Specify whether the ConfigMap must
                                      be defined
                                    type: boolean
                                type: object
                              prefix:
                                description: An optional identifier to prepend to
                                  each key in the ConfigMap. Must be a C_IDENTIFIER.
                                type: string
                              secretRef:
                                description: The Secret to select from
                                properties:
                                  name:
                                    description: 'Name of the referent. More info:
                                      https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                      TODO: Add other useful fields. apiVersion, kind,
                                      uid?'
                                    type: string
                                  optional:
                                    description: Specify whether the Secret must be
                                      defined
                                    type: boolean
                                type: object
                            type: object
                          type: array
                        image:
                          description: 'Container image name. More info: https://kubernetes.io/docs/concepts/containers/images'
                          type: string
                        imagePullPolicy:
                          description: 'Image pull policy. One of Always, Never, IfNotPresent.
                            Defaults to Always if :latest tag is specified, or IfNotPresent
                            otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images'
                          type: string
                        lifecycle:
                          description: Lifecycle is not allowed for ephemeral containers.
                          properties:
                            postStart:
                              description: 'PostStart is called immediately after
                                a container is created. If the handler fails, the
                                container is terminated and restarted according to
                                its restart policy. Other management of the container
                                blocks until the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks'
                              properties:
                                exec:
                                  description: Exec specifies the action to take.
                                  properties:
                                    command:
                                      description: Command is the command line to
                                        execute inside the container, the working
                                        directory for the command  is root ('/') in
                                        the container's filesystem. The command is
                                        simply exec'd, it is not run inside a shell,
                                        so traditional shell instructions ('|', etc)
                                        won't work. To use a shell, you need to explicitly
                                        call out to that shell. Exit status of 0 is
                                        treated as live/healthy and non-zero is unhealthy.
                                      items:
                                        type: string
                                      type: array
                                  type: object
                                httpGet:
                                  description: HTTPGet specifies the http request
                                    to perform.
                                  properties:
                                    host:
                                      description: Host name to connect to, defaults
                                        to the pod IP. You probably want to set "Host"
                                        in httpHeaders instead.
                                      type: string
                                    httpHeaders:
                                      description: Custom headers to set in the request.
                                        HTTP allows repeated headers.
                                      items:
                                        description: HTTPHeader describes a custom
                                          header to be used in HTTP probes
                                        properties:
                                          name:
                                            description: The header field name
                                            type: string
                                          value:
                                            description: The header field value
                                            type: string
                                        required:
                                        - name
                                        - value
                                        type: object
                                      type: array
                                    path:
                                      description: Path to access on the HTTP server.
                                      type: string
                                    port:
                                      anyOf:
                                      - type: integer
                                      - type: string
                                      description: Name or number of the port to access
                                        on the container. Number must be in the range
                                        1 to 65535. Name must be an IANA_SVC_NAME.
                                      x-kubernetes-int-or-string: true
                                    scheme:
                                      description: Scheme to use for connecting to
                                        the host. Defaults to HTTP.
                                      type: string
                                  required:
                                  - port
                                  type: object
                                tcpSocket:
                                  description: Deprecated. TCPSocket is NOT supported
                                    as a LifecycleHandler and kept for the backward
                                    compatibility. There are no validation of this
                                    field and lifecycle hooks will fail in runtime
                                    when tcp handler is specified.
                                  properties:
                                    host:
                                      description: 'Optional: Host name to connect
                                        to, defaults to the pod IP.'
                                      type: string
                                    port:
                                      anyOf:
                                      - type: integer
                                      - type: string
                                      description: Number or name of the port to access
                                        on the container. Number must be in the range
                                        1 to 65535. Name must be an IANA_SVC_NAME.
                                      x-kubernetes-int-or-string: true
                                  required:
                                  - port
                                  type: object
                              type: object
                            preStop:
                              description: 'PreStop is called immediately before a
                                container is terminated due to an API request or management
                                event such as liveness/startup probe failure, preemption,
                                resource contention, etc. The handler is not called
                                if the container crashes or exits. The Pod''s termination
                                grace period countdown begins before the PreStop hook
                                is executed. Regardless of the outcome of the handler,
                                the container will eventually terminate within the
                                Pod''s termination grace period (unless delayed by
                                finalizers). Other management of the container blocks
                                until the hook completes or until the termination
                                grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks'
                              properties:
                                exec:
                                  description: Exec specifies the action to take.
                                  properties:
                                    command:
                                      description: Command is the command line to
                                        execute inside the container, the working
                                        directory for the command  is root ('/') in
                                        the container's filesystem. The command is
                                        simply exec'd, it is not run inside a shell,
                                        so traditional shell instructions ('|', etc)
                                        won't work. To use a shell, you need to explicitly
                                        call out to that shell. Exit status of 0 is
                                        treated as live/healthy and non-zero is unhealthy.
                                      items:
                                        type: string
                                      type: array
                                  type: object
                                httpGet:
                                  description: HTTPGet specifies the http request
                                    to perform.
                                  properties:
                                    host:
                                      description: Host name to connect to, defaults
                                        to the pod IP. You probably want to set "Host"
                                        in httpHeaders instead.
                                      type: string
                                    httpHeaders:
                                      description: Custom headers to set in the request.
                                        HTTP allows repeated headers.
                                      items:
                                        description: HTTPHeader describes a custom
                                          header to be used in HTTP probes
                                        properties:
                                          name:
                                            description: The header field name
                                            type: string
                                          value:
                                            description: The header field value
                                            type: string
                                        required:
                                        - name
                                        - value
                                        type: object
                                      type: array
                                    path:
                                      description: Path to access on the HTTP server.
                                      type: string
                                    port:
                                      anyOf:
                                      - type: integer
                                      - type: string
                                      description: Name or number of the port to access
                                        on the container. Number must be in the range
                                        1 to 65535. Name must be an IANA_SVC_NAME.
                                      x-kubernetes-int-or-string: true
                                    scheme:
                                      description: Scheme to use for connecting to
                                        the host. Defaults to HTTP.
                                      type: string
                                  required:
                                  - port
                                  type: object
                                tcpSocket:
                                  description: Deprecated. TCPSocket is NOT supported
                                    as a LifecycleHandler and kept for the backward
                                    compatibility. There are no validation of this
                                    field and lifecycle hooks will fail in runtime
                                    when tcp handler is specified.
                                  properties:
                                    host:
                                      description: 'Optional: Host name to connect
                                        to, defaults to the pod IP.'
                                      type: string
                                    port:
                                      anyOf:
                                      - type: integer
                                      - type: string
                                      description: Number or name of the port to access
                                        on the container. Number must be in the range
                                        1 to 65535. Name must be an IANA_SVC_NAME.
                                      x-kubernetes-int-or-string: true
                                  required:
                                  - port
                                  type: object
                              type: object
                          type: object
                        livenessProbe:
                          description: Probes are not allowed for ephemeral containers.
                          properties:
                            exec:
                              description: Exec specifies the action to take.
                              properties:
                                command:
                                  description: Command is the command line to execute
                                    inside the container, the working directory for
                                    the command  is root ('/') in the container's
                                    filesystem. The command is simply exec'd, it is
                                    not run inside a shell, so traditional shell instructions
                                    ('|', etc) won't work. To use a shell, you need
                                    to explicitly call out to that shell. Exit status
                                    of 0 is treated as live/healthy and non-zero is
                                    unhealthy.
                                  items:
                                    type: string
                                  type: array
                              type: object
                            failureThreshold:
                              description: Minimum consecutive failures for the probe
                                to be considered failed after having succeeded. Defaults
                                to 3. Minimum value is 1.
                              format: int32
                              type: integer
                            grpc:
                              description: GRPC specifies an action involving a GRPC
                                port. This is a beta field and requires enabling GRPCContainerProbe
                                feature gate.
                              properties:
                                port:
                                  description: Port number of the gRPC service. Number
                                    must be in the range 1 to 65535.
                                  format: int32
                                  type: integer
                                service:
                                  description: "Service is the name of the service
                                    to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
                                    \n If this is not specified, the default behavior
                                    is defined by gRPC."
                                  type: string
                              required:
                              - port
                              type: object
                            httpGet:
                              description: HTTPGet specifies the http request to perform.
                              properties:
                                host:
                                  description: Host name to connect to, defaults to
                                    the pod IP. You probably want to set "Host" in
                                    httpHeaders instead.
                                  type: string
                                httpHeaders:
                                  description: Custom headers to set in the request.
                                    HTTP allows repeated headers.
                                  items:
                                    description: HTTPHeader describes a custom header
                                      to be used in HTTP probes
                                    properties:
                                      name:
                                        description: The header field name
                                        type: string
                                      value:
                                        description: The header field value
                                        type: string
                                    required:
                                    - name
                                    - value
                                    type: object
                                  type: array
                                path:
                                  description: Path to access on the HTTP server.
                                  type: string
                                port:
                                  anyOf:
                                  - type: integer
                                  - type: string
                                  description: Name or number of the port to access
                                    on the container. Number must be in the range
                                    1 to 65535. Name must be an IANA_SVC_NAME.
                                  x-kubernetes-int-or-string: true
                                scheme:
                                  description: Scheme to use for connecting to the
                                    host. Defaults to HTTP.
                                  type: string
                              required:
                              - port
                              type: object
                            initialDelaySeconds:
                              description: 'Number of seconds after the container
                                has started before liveness probes are initiated.
                                More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
                              format: int32
                              type: integer
                            periodSeconds:
                              description: How often (in seconds) to perform the probe.
                                Default to 10 seconds. Minimum value is 1.
                              format: int32
                              type: integer
                            successThreshold:
                              description: Minimum consecutive successes for the probe
                                to be considered successful after having failed. Defaults
                                to 1. Must be 1 for liveness and startup. Minimum
                                value is 1.
                              format: int32
                              type: integer
                            tcpSocket:
                              description: TCPSocket specifies an action involving
                                a TCP port.
                              properties:
                                host:
                                  description: 'Optional: Host name to connect to,
                                    defaults to the pod IP.'
                                  type: string
                                port:
                                  anyOf:
                                  - type: integer
                                  - type: string
                                  description: Number or name of the port to access
                                    on the container. Number must be in the range
                                    1 to 65535. Name must be an IANA_SVC_NAME.
                                  x-kubernetes-int-or-string: true
                              required:
                              - port
                              type: object
                            terminationGracePeriodSeconds:
                              description: Optional duration in seconds the pod needs
                                to terminate gracefully upon probe failure. The grace
                                period is the duration in seconds after the processes
                                running in the pod are sent a termination signal and
                                the time when the processes are forcibly halted with
                                a kill signal. Set this value longer than the expected
                                cleanup time for your process. If this value is nil,
                                the pod's terminationGracePeriodSeconds will be used.
                                Otherwise, this value overrides the value provided
                                by the pod spec. Value must be non-negative integer.
                                The value zero indicates stop immediately via the
                                kill signal (no opportunity to shut down). This is
                                a beta field and requires enabling ProbeTerminationGracePeriod
                                feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds
                                is used if unset.
                              format: int64
                              type: integer
                            timeoutSeconds:
                              description: 'Number of seconds after which the probe
                                times out. Defaults to 1 second. Minimum value is
                                1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
                              format: int32
                              type: integer
                          type: object
                        name:
                          description: Name of the ephemeral container specified as
                            a DNS_LABEL. This name must be unique among all containers,
                            init containers and ephemeral containers.
                          type: string
                        ports:
                          description: Ports are not allowed for ephemeral containers.
                          items:
                            description: ContainerPort represents a network port in
                              a single container.
                            properties:
                              containerPort:
                                description: Number of port to expose on the pod's
                                  IP address. This must be a valid port number, 0
                                  < x < 65536.
                                format: int32
                                type: integer
                              hostIP:
                                description: What host IP to bind the external port
                                  to.
                                type: string
                              hostPort:
                                description: Number of port to expose on the host.
                                  If specified, this must be a valid port number,
                                  0 < x < 65536. If HostNetwork is specified, this
                                  must match ContainerPort. Most containers do not
                                  need this.
                                format: int32
                                type: integer
                              name:
                                description: If specified, this must be an IANA_SVC_NAME
                                  and unique within the pod. Each named port in a
                                  pod must have a unique name. Name for the port that
                                  can be referred to by services.
                                type: string
                              protocol:
                                default: TCP
                                description: Protocol for port. Must be UDP, TCP,
                                  or SCTP. Defaults to "TCP".
                                type: string
                            required:
                            - containerPort
                            type: object
                          type: array
                          x-kubernetes-list-map-keys:
                          - containerPort
                          - protocol
                          x-kubernetes-list-type: map
                        readinessProbe:
                          description: Probes are not allowed for ephemeral containers.
                          properties:
                            exec:
                              description: Exec specifies the action to take.
                              properties:
                                command:
                                  description: Command is the command line to execute
                                    inside the container, the working directory for
                                    the command  is root ('/') in the container's
                                    filesystem. The command is simply exec'd, it is
                                    not run inside a shell, so traditional shell instructions
                                    ('|', etc) won't work. To use a shell, you need
                                    to explicitly call out to that shell. Exit status
                                    of 0 is treated as live/healthy and non-zero is
                                    unhealthy.
                                  items:
                                    type: string
                                  type: array
                              type: object
                            failureThreshold:
                              description: Minimum consecutive failures for the probe
                                to be considered failed after having succeeded. Defaults
                                to 3. Minimum value is 1.
                              format: int32
                              type: integer
                            grpc:
                              description: GRPC specifies an action involving a GRPC
                                port. This is a beta field and requires enabling GRPCContainerProbe
                                feature gate.
                              properties:
                                port:
                                  description: Port number of the gRPC service. Number
                                    must be in the range 1 to 65535.
                                  format: int32
                                  type: integer
                                service:
                                  description: "Service is the name of the service
                                    to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
                                    \n If this is not specified, the default behavior
                                    is defined by gRPC."
                                  type: string
                              required:
                              - port
                              type: object
                            httpGet:
                              description: HTTPGet specifies the http request to perform.
                              properties:
                                host:
                                  description: Host name to connect to, defaults to
                                    the pod IP. You probably want to set "Host" in
                                    httpHeaders instead.
                                  type: string
                                httpHeaders:
                                  description: Custom headers to set in the request.
                                    HTTP allows repeated headers.
                                  items:
                                    description: HTTPHeader describes a custom header
                                      to be used in HTTP probes
                                    properties:
                                      name:
                                        description: The header field name
                                        type: string
                                      value:
                                        description: The header field value
                                        type: string
                                    required:
                                    - name
                                    - value
                                    type: object
                                  type: array
                                path:
                                  description: Path to access on the HTTP server.
                                  type: string
                                port:
                                  anyOf:
                                  - type: integer
                                  - type: string
                                  description: Name or number of the port to access
                                    on the container. Number must be in the range
                                    1 to 65535. Name must be an IANA_SVC_NAME.
                                  x-kubernetes-int-or-string: true
                                scheme:
                                  description: Scheme to use for connecting to the
                                    host. Defaults to HTTP.
                                  type: string
                              required:
                              - port
                              type: object
                            initialDelaySeconds:
                              description: 'Number of seconds after the container
                                has started before liveness probes are initiated.
                                More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
                              format: int32
                              type: integer
                            periodSeconds:
                              description: How often (in seconds) to perform the probe.
                                Default to 10 seconds. Minimum value is 1.
                              format: int32
                              type: integer
                            successThreshold:
                              description: Minimum consecutive successes for the probe
                                to be considered successful after having failed. Defaults
                                to 1. Must be 1 for liveness and startup. Minimum
                                value is 1.
                              format: int32
                              type: integer
                            tcpSocket:
                              description: TCPSocket specifies an action involving
                                a TCP port.
                              properties:
                                host:
                                  description: 'Optional: Host name to connect to,
                                    defaults to the pod IP.'
                                  type: string
                                port:
                                  anyOf:
                                  - type: integer
                                  - type: string
                                  description: Number or name of the port to access
                                    on the container. Number must be in the range
                                    1 to 65535. Name must be an IANA_SVC_NAME.
                                  x-kubernetes-int-or-string: true
                              required:
                              - port
                              type: object
                            terminationGracePeriodSeconds:
                              description: Optional duration in seconds the pod needs
                                to terminate gracefully upon probe failure. The grace
                                period is the duration in seconds after the processes
                                running in the pod are sent a termination signal and
                                the time when the processes are forcibly halted with
                                a kill signal. Set this value longer than the expected
                                cleanup time for your process. If this value is nil,
                                the pod's terminationGracePeriodSeconds will be used.
                                Otherwise, this value overrides the value provided
                                by the pod spec. Value must be non-negative integer.
                                The value zero indicates stop immediately via the
                                kill signal (no opportunity to shut down). This is
                                a beta field and requires enabling ProbeTerminationGracePeriod
                                feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds
                                is used if unset.
                              format: int64
                              type: integer
                            timeoutSeconds:
                              description: 'Number of seconds after which the probe
                                times out. Defaults to 1 second. Minimum value is
                                1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
                              format: int32
                              type: integer
                          type: object
                        resources:
                          description: Resources are not allowed for ephemeral containers.
                            Ephemeral containers use spare resources already allocated
                            to the pod.
                          properties:
                            limits:
                              additionalProperties:
                                anyOf:
                                - type: integer
                                - type: string
                                pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                                x-kubernetes-int-or-string: true
                              description: 'Limits describes the maximum amount of
                                compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
                              type: object
                            requests:
                              additionalProperties:
                                anyOf:
                                - type: integer
                                - type: string
                                pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                                x-kubernetes-int-or-string: true
                              description: 'Requests describes the minimum amount
                                of compute resources required. If Requests is omitted
                                for a container, it defaults to Limits if that is
                                explicitly specified, otherwise to an implementation-defined
                                value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
                              type: object
                          type: object
                        securityContext:
                          description: 'Optional: SecurityContext defines the security
                            options the ephemeral container should be run with. If
                            set, the fields of SecurityContext override the equivalent
                            fields of PodSecurityContext.'
                          properties:
                            allowPrivilegeEscalation:
                              description: 'AllowPrivilegeEscalation controls whether
                                a process can gain more privileges than its parent
                                process. This bool directly controls if the no_new_privs
                                flag will be set on the container process. AllowPrivilegeEscalation
                                is true always when the container is: 1) run as Privileged
                                2) has CAP_SYS_ADMIN Note that this field cannot be
                                set when spec.os.name is windows.'
                              type: boolean
                            capabilities:
                              description: The capabilities to add/drop when running
                                containers. Defaults to the default set of capabilities
                                granted by the container runtime. Note that this field
                                cannot be set when spec.os.name is windows.
                              properties:
                                add:
                                  description: Added capabilities
                                  items:
                                    description: Capability represent POSIX capabilities
                                      type
                                    type: string
                                  type: array
                                drop:
                                  description: Removed capabilities
                                  items:
                                    description: Capability represent POSIX capabilities
                                      type
                                    type: string
                                  type: array
                              type: object
                            privileged:
                              description: Run container in privileged mode. Processes
                                in privileged containers are essentially equivalent
                                to root on the host. Defaults to false. Note that
                                this field cannot be set when spec.os.name is windows.
                              type: boolean
                            procMount:
                              description: procMount denotes the type of proc mount
                                to use for the containers. The default is DefaultProcMount
                                which uses the container runtime defaults for readonly
                                paths and masked paths. This requires the ProcMountType
                                feature flag to be enabled. Note that this field cannot
                                be set when spec.os.name is windows.
                              type: string
                            readOnlyRootFilesystem:
                              description: Whether this container has a read-only
                                root filesystem. Default is false. Note that this
                                field cannot be set when spec.os.name is windows.
                              type: boolean
                            runAsGroup:
                              description: The GID to run the entrypoint of the container
                                process. Uses runtime default if unset. May also be
                                set in PodSecurityContext.  If set in both SecurityContext
                                and PodSecurityContext, the value specified in SecurityContext
                                takes precedence. Note that this field cannot be set
                                when spec.os.name is windows.
                              format: int64
                              type: integer
                            runAsNonRoot:
                              description: Indicates that the container must run as
                                a non-root user. If true, the Kubelet will validate
                                the image at runtime to ensure that it does not run
                                as UID 0 (root) and fail to start the container if
                                it does. If unset or false, no such validation will
                                be performed. May also be set in PodSecurityContext.  If
                                set in both SecurityContext and PodSecurityContext,
                                the value specified in SecurityContext takes precedence.
                              type: boolean
                            runAsUser:
                              description: The UID to run the entrypoint of the container
                                process. Defaults to user specified in image metadata
                                if unspecified. May also be set in PodSecurityContext.  If
                                set in both SecurityContext and PodSecurityContext,
                                the value specified in SecurityContext takes precedence.
                                Note that this field cannot be set when spec.os.name
                                is windows.
                              format: int64
                              type: integer
                            seLinuxOptions:
                              description: The SELinux context to be applied to the
                                container. If unspecified, the container runtime will
                                allocate a random SELinux context for each container.  May
                                also be set in PodSecurityContext.  If set in both
                                SecurityContext and PodSecurityContext, the value
                                specified in SecurityContext takes precedence. Note
                                that this field cannot be set when spec.os.name is
                                windows.
                              properties:
                                level:
                                  description: Level is SELinux level label that applies
                                    to the container.
                                  type: string
                                role:
                                  description: Role is a SELinux role label that applies
                                    to the container.
                                  type: string
                                type:
                                  description: Type is a SELinux type label that applies
                                    to the container.
                                  type: string
                                user:
                                  description: User is a SELinux user label that applies
                                    to the container.
                                  type: string
                              type: object
                            seccompProfile:
                              description: The seccomp options to use by this container.
                                If seccomp options are provided at both the pod &
                                container level, the container options override the
                                pod options. Note that this field cannot be set when
                                spec.os.name is windows.
                              properties:
                                localhostProfile:
                                  description: localhostProfile indicates a profile
                                    defined in a file on the node should be used.
                                    The profile must be preconfigured on the node
                                    to work. Must be a descending path, relative to
                                    the kubelet's configured seccomp profile location.
                                    Must only be set if type is "Localhost".
                                  type: string
                                type:
                                  description: "type indicates which kind of seccomp
                                    profile will be applied. Valid options are: \n
                                    Localhost - a profile defined in a file on the
                                    node should be used. RuntimeDefault - the container
                                    runtime default profile should be used. Unconfined
                                    - no profile should be applied."
                                  type: string
                              required:
                              - type
                              type: object
                            windowsOptions:
                              description: The Windows specific settings applied to
                                all containers. If unspecified, the options from the
                                PodSecurityContext will be used. If set in both SecurityContext
                                and PodSecurityContext, the value specified in SecurityContext
                                takes precedence. Note that this field cannot be set
                                when spec.os.name is linux.
                              properties:
                                gmsaCredentialSpec:
                                  description: GMSACredentialSpec is where the GMSA
                                    admission webhook (https://github.com/kubernetes-sigs/windows-gmsa)
                                    inlines the contents of the GMSA credential spec
                                    named by the GMSACredentialSpecName field.
                                  type: string
                                gmsaCredentialSpecName:
                                  description: GMSACredentialSpecName is the name
                                    of the GMSA credential spec to use.
                                  type: string
                                hostProcess:
                                  description: HostProcess determines if a container
                                    should be run as a 'Host Process' container. This
                                    field is alpha-level and will only be honored
                                    by components that enable the WindowsHostProcessContainers
                                    feature flag. Setting this field without the feature
                                    flag will result in errors when validating the
                                    Pod. All of a Pod's containers must have the same
                                    effective HostProcess value (it is not allowed
                                    to have a mix of HostProcess containers and non-HostProcess
                                    containers).  In addition, if HostProcess is true
                                    then HostNetwork must also be set to true.
                                  type: boolean
                                runAsUserName:
                                  description: The UserName in Windows to run the
                                    entrypoint of the container process. Defaults
                                    to the user specified in image metadata if unspecified.
                                    May also be set in PodSecurityContext. If set
                                    in both SecurityContext and PodSecurityContext,
                                    the value specified in SecurityContext takes precedence.
                                  type: string
                              type: object
                          type: object
                        startupProbe:
                          description: Probes are not allowed for ephemeral containers.
                          properties:
                            exec:
                              description: Exec specifies the action to take.
                              properties:
                                command:
                                  description: Command is the command line to execute
                                    inside the container, the working directory for
                                    the command  is root ('/') in the container's
                                    filesystem. The command is simply exec'd, it is
                                    not run inside a shell, so traditional shell instructions
                                    ('|', etc) won't work. To use a shell, you need
                                    to explicitly call out to that shell. Exit status
                                    of 0 is treated as live/healthy and non-zero is
                                    unhealthy.
                                  items:
                                    type: string
                                  type: array
                              type: object
                            failureThreshold:
                              description: Minimum consecutive failures for the probe
                                to be considered failed after having succeeded. Defaults
                                to 3. Minimum value is 1.
                              format: int32
                              type: integer
                            grpc:
                              description: GRPC specifies an action involving a GRPC
                                port. This is a beta field and requires enabling GRPCContainerProbe
                                feature gate.
                              properties:
                                port:
                                  description: Port number of the gRPC service. Number
                                    must be in the range 1 to 65535.
                                  format: int32
                                  type: integer
                                service:
                                  description: "Service is the name of the service
                                    to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
                                    \n If this is not specified, the default behavior
                                    is defined by gRPC."
                                  type: string
                              required:
                              - port
                              type: object
                            httpGet:
                              description: HTTPGet specifies the http request to perform.
                              properties:
                                host:
                                  description: Host name to connect to, defaults to
                                    the pod IP. You probably want to set "Host" in
                                    httpHeaders instead.
                                  type: string
                                httpHeaders:
                                  description: Custom headers to set in the request.
                                    HTTP allows repeated headers.
                                  items:
                                    description: HTTPHeader describes a custom header
                                      to be used in HTTP probes
                                    properties:
                                      name:
                                        description: The header field name
                                        type: string
                                      value:
                                        description: The header field value
                                        type: string
                                    required:
                                    - name
                                    - value
                                    type: object
                                  type: array
                                path:
                                  description: Path to access on the HTTP server.
                                  type: string
                                port:
                                  anyOf:
                                  - type: integer
                                  - type: string
                                  description: Name or number of the port to access
                                    on the container. Number must be in the range
                                    1 to 65535. Name must be an IANA_SVC_NAME.
                                  x-kubernetes-int-or-string: true
                                scheme:
                                  description: Scheme to use for connecting to the
                                    host. Defaults to HTTP.
                                  type: string
                              required:
                              - port
                              type: object
                            initialDelaySeconds:
                              description: 'Number of seconds after the container
                                has started before liveness probes are initiated.
                                More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
                              format: int32
                              type: integer
                            periodSeconds:
                              description: How often (in seconds) to perform the probe.
                                Default to 10 seconds. Minimum value is 1.
                              format: int32
                              type: integer
                            successThreshold:
                              description: Minimum consecutive successes for the probe
                                to be considered successful after having failed. Defaults
                                to 1. Must be 1 for liveness and startup. Minimum
                                value is 1.
                              format: int32
                              type: integer
                            tcpSocket:
                              description: TCPSocket specifies an action involving
                                a TCP port.
                              properties:
                                host:
                                  description: 'Optional: Host name to connect to,
                                    defaults to the pod IP.'
                                  type: string
                                port:
                                  anyOf:
                                  - type: integer
                                  - type: string
                                  description: Number or name of the port to access
                                    on the container. Number must be in the range
                                    1 to 65535. Name must be an IANA_SVC_NAME.
                                  x-kubernetes-int-or-string: true
                              required:
                              - port
                              type: object
                            terminationGracePeriodSeconds:
                              description: Optional duration in seconds the pod needs
                                to terminate gracefully upon probe failure. The grace
                                period is the duration in seconds after the processes
                                running in the pod are sent a termination signal and
                                the time when the processes are forcibly halted with
                                a kill signal. Set this value longer than the expected
                                cleanup time for your process. If this value is nil,
                                the pod's terminationGracePeriodSeconds will be used.
                                Otherwise, this value overrides the value provided
                                by the pod spec. Value must be non-negative integer.
                                The value zero indicates stop immediately via the
                                kill signal (no opportunity to shut down). This is
                                a beta field and requires enabling ProbeTerminationGracePeriod
                                feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds
                                is used if unset.
                              format: int64
                              type: integer
                            timeoutSeconds:
                              description: 'Number of seconds after which the probe
                                times out. Defaults to 1 second. Minimum value is
                                1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
                              format: int32
                              type: integer
                          type: object
                        stdin:
                          description: Whether this container should allocate a buffer
                            for stdin in the container runtime. If this is not set,
                            reads from stdin in the container will always result in
                            EOF. Default is false.
                          type: boolean
                        stdinOnce:
                          description: Whether the container runtime should close
                            the stdin channel after it has been opened by a single
                            attach. When stdin is true the stdin stream will remain
                            open across multiple attach sessions. If stdinOnce is
                            set to true, stdin is opened on container start, is empty
                            until the first client attaches to stdin, and then remains
                            open and accepts data until the client disconnects, at
                            which time stdin is closed and remains closed until the
                            container is restarted. If this flag is false, a container
                            processes that reads from stdin will never receive an
                            EOF. Default is false
                          type: boolean
                        targetContainerName:
                          description: "If set, the name of the container from PodSpec
                            that this ephemeral container targets. The ephemeral container
                            will be run in the namespaces (IPC, PID, etc) of this
                            container. If not set then the ephemeral container uses
                            the namespaces configured in the Pod spec. \n The container
                            runtime must implement support for this feature. If the
                            runtime does not support namespace targeting then the
                            result of setting this field is undefined."
                          type: string
                        terminationMessagePath:
                          description: 'Optional: Path at which the file to which
                            the container''s termination message will be written is
                            mounted into the container''s filesystem. Message written
                            is intended to be brief final status, such as an assertion
                            failure message. Will be truncated by the node if greater
                            than 4096 bytes. The total message length across all containers
                            will be limited to 12kb. Defaults to /dev/termination-log.
                            Cannot be updated.'
                          type: string
                        terminationMessagePolicy:
                          description: Indicate how the termination message should
                            be populated. File will use the contents of terminationMessagePath
                            to populate the container status message on both success
                            and failure. FallbackToLogsOnError will use the last chunk
                            of container log output if the termination message file
                            is empty and the container exited with an error. The log
                            output is limited to 2048 bytes or 80 lines, whichever
                            is smaller. Defaults to File. Cannot be updated.
                          type: string
                        tty:
                          description: Whether this container should allocate a TTY
                            for itself, also requires 'stdin' to be true. Default
                            is false.
                          type: boolean
                        volumeDevices:
                          description: volumeDevices is the list of block devices
                            to be used by the container.
                          items:
                            description: volumeDevice describes a mapping of a raw
                              block device within a container.
                            properties:
                              devicePath:
                                description: devicePath is the path inside of the
                                  container that the device will be mapped to.
                                type: string
                              name:
                                description: name must match the name of a persistentVolumeClaim
                                  in the pod
                                type: string
                            required:
                            - devicePath
                            - name
                            type: object
                          type: array
                        volumeMounts:
                          description: Pod volumes to mount into the container's filesystem.
                            Subpath mounts are not allowed for ephemeral containers.
                            Cannot be updated.
                          items:
                            description: VolumeMount describes a mounting of a Volume
                              within a container.
                            properties:
                              mountPath:
                                description: Path within the container at which the
                                  volume should be mounted.  Must not contain ':'.
                                type: string
                              mountPropagation:
                                description: mountPropagation determines how mounts
                                  are propagated from the host to container and the
                                  other way around. When not set, MountPropagationNone
                                  is used. This field is beta in 1.10.
                                type: string
                              name:
                                description: This must match the Name of a Volume.
                                type: string
                              readOnly:
                                description: Mounted read-only if true, read-write
                                  otherwise (false or unspecified). Defaults to false.
                                type: boolean
                              subPath:
                                description: Path within the volume from which the
                                  container's volume should be mounted. Defaults to
                                  "" (volume's root).
                                type: string
                              subPathExpr:
                                description: Expanded path within the volume from
                                  which the container's volume should be mounted.
                                  Behaves similarly to SubPath but environment variable
                                  references $(VAR_NAME) are expanded using the container's
                                  environment. Defaults to "" (volume's root). SubPathExpr
                                  and SubPath are mutually exclusive.
                                type: string
                            required:
                            - mountPath
                            - name
                            type: object
                          type: array
                        workingDir:
                          description: Container's working directory. If not specified,
                            the container runtime's default will be used, which might
                            be configured in the container image. Cannot be updated.
                          type: string
                      required:
                      - name
                      type: object
                    type: array
                  hostAliases:
                    description: HostAliases is an optional list of hosts and IPs
                      that will be injected into the pod's hosts file if specified.
                      This is only valid for non-hostNetwork pods.
                    items:
                      description: HostAlias holds the mapping between IP and hostnames
                        that will be injected as an entry in the pod's hosts file.
                      properties:
                        hostnames:
                          description: Hostnames for the above IP address.
                          items:
                            type: string
                          type: array
                        ip:
                          description: IP address of the host file entry.
                          type: string
                      type: object
                    type: array
                  hostIPC:
                    description: 'Use the host''s ipc namespace. Optional: Default
                      to false.'
                    type: boolean
                  hostNetwork:
                    description: Host networking requested for this pod. Use the host's
                      network namespace. If this option is set, the ports that will
                      be used must be specified. Default to false.
                    type: boolean
                  hostPID:
                    description: 'Use the host''s pid namespace. Optional: Default
                      to false.'
                    type: boolean
                  hostname:
                    description: Specifies the hostname of the Pod If not specified,
                      the pod's hostname will be set to a system-defined value.
                    type: string
                  imagePullSecrets:
                    description: 'ImagePullSecrets is an optional list of references
                      to secrets in the same namespace to use for pulling any of the
                      images used by this PodSpec. If specified, these secrets will
                      be passed to individual puller implementations for them to use.
                      More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod'
                    items:
                      description: LocalObjectReference contains enough information
                        to let you locate the referenced object inside the same namespace.
                      properties:
                        name:
                          description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                            TODO: Add other useful fields. apiVersion, kind, uid?'
                          type: string
                      type: object
                    type: array
                  initContainers:
                    description: 'List of initialization containers belonging to the
                      pod. Init containers are executed in order prior to containers
                      being started. If any init container fails, the pod is considered
                      to have failed and is handled according to its restartPolicy.
                      The name for an init container or normal container must be unique
                      among all containers. Init containers may not have Lifecycle
                      actions, Readiness probes, Liveness probes, or Startup probes.
                      The resourceRequirements of an init container are taken into
                      account during scheduling by finding the highest request/limit
                      for each resource type, and then using the max of of that value
                      or the sum of the normal containers. Limits are applied to init
                      containers in a similar fashion. Init containers cannot currently
                      be added or removed. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/'
                    items:
                      description: A single application container that you want to
                        run within a pod.
                      properties:
                        args:
                          description: 'Arguments to the entrypoint. The container
                            image''s CMD is used if this is not provided. Variable
                            references $(VAR_NAME) are expanded using the container''s
                            environment. If a variable cannot be resolved, the reference
                            in the input string will be unchanged. Double $$ are reduced
                            to a single $, which allows for escaping the $(VAR_NAME)
                            syntax: i.e. "$$(VAR_NAME)" will produce the string literal
                            "$(VAR_NAME)". Escaped references will never be expanded,
                            regardless of whether the variable exists or not. Cannot
                            be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell'
                          items:
                            type: string
                          type: array
                        command:
                          description: 'Entrypoint array. Not executed within a shell.
                            The container image''s ENTRYPOINT is used if this is not
                            provided. Variable references $(VAR_NAME) are expanded
                            using the container''s environment. If a variable cannot
                            be resolved, the reference in the input string will be
                            unchanged. Double $$ are reduced to a single $, which
                            allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)"
                            will produce the string literal "$(VAR_NAME)". Escaped
                            references will never be expanded, regardless of whether
                            the variable exists or not. Cannot be updated. More info:
                            https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell'
                          items:
                            type: string
                          type: array
                        env:
                          description: List of environment variables to set in the
                            container. Cannot be updated.
                          items:
                            description: EnvVar represents an environment variable
                              present in a Container.
                            properties:
                              name:
                                description: Name of the environment variable. Must
                                  be a C_IDENTIFIER.
                                type: string
                              value:
                                description: 'Variable references $(VAR_NAME) are
                                  expanded using the previously defined environment
                                  variables in the container and any service environment
                                  variables. If a variable cannot be resolved, the
                                  reference in the input string will be unchanged.
                                  Double $$ are reduced to a single $, which allows
                                  for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)"
                                  will produce the string literal "$(VAR_NAME)". Escaped
                                  references will never be expanded, regardless of
                                  whether the variable exists or not. Defaults to
                                  "".'
                                type: string
                              valueFrom:
                                description: Source for the environment variable's
                                  value. Cannot be used if value is not empty.
                                properties:
                                  configMapKeyRef:
                                    description: Selects a key of a ConfigMap.
                                    properties:
                                      key:
                                        description: The key to select.
                                        type: string
                                      name:
                                        description: 'Name of the referent. More info:
                                          https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                          TODO: Add other useful fields. apiVersion,
                                          kind, uid?'
                                        type: string
                                      optional:
                                        description: Specify whether the ConfigMap
                                          or its key must be defined
                                        type: boolean
                                    required:
                                    - key
                                    type: object
                                  fieldRef:
                                    description: 'Selects a field of the pod: supports
                                      metadata.name, metadata.namespace, `metadata.labels[''<KEY>'']`,
                                      `metadata.annotations[''<KEY>'']`, spec.nodeName,
                                      spec.serviceAccountName, status.hostIP, status.podIP,
                                      status.podIPs.'
                                    properties:
                                      apiVersion:
                                        description: Version of the schema the FieldPath
                                          is written in terms of, defaults to "v1".
                                        type: string
                                      fieldPath:
                                        description: Path of the field to select in
                                          the specified API version.
                                        type: string
                                    required:
                                    - fieldPath
                                    type: object
                                  resourceFieldRef:
                                    description: 'Selects a resource of the container:
                                      only resources limits and requests (limits.cpu,
                                      limits.memory, limits.ephemeral-storage, requests.cpu,
                                      requests.memory and requests.ephemeral-storage)
                                      are currently supported.'
                                    properties:
                                      containerName:
                                        description: 'Container name: required for
                                          volumes, optional for env vars'
                                        type: string
                                      divisor:
                                        anyOf:
                                        - type: integer
                                        - type: string
                                        description: Specifies the output format of
                                          the exposed resources, defaults to "1"
                                        pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                                        x-kubernetes-int-or-string: true
                                      resource:
                                        description: 'Required: resource to select'
                                        type: string
                                    required:
                                    - resource
                                    type: object
                                  secretKeyRef:
                                    description: Selects a key of a secret in the
                                      pod's namespace
                                    properties:
                                      key:
                                        description: The key of the secret to select
                                          from.  Must be a valid secret key.
                                        type: string
                                      name:
                                        description: 'Name of the referent. More info:
                                          https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                          TODO: Add other useful fields. apiVersion,
                                          kind, uid?'
                                        type: string
                                      optional:
                                        description: Specify whether the Secret or
                                          its key must be defined
                                        type: boolean
                                    required:
                                    - key
                                    type: object
                                type: object
                            required:
                            - name
                            type: object
                          type: array
                        envFrom:
                          description: List of sources to populate environment variables
                            in the container. The keys defined within a source must
                            be a C_IDENTIFIER. All invalid keys will be reported as
                            an event when the container is starting. When a key exists
                            in multiple sources, the value associated with the last
                            source will take precedence. Values defined by an Env
                            with a duplicate key will take precedence. Cannot be updated.
                          items:
                            description: EnvFromSource represents the source of a
                              set of ConfigMaps
                            properties:
                              configMapRef:
                                description: The ConfigMap to select from
                                properties:
                                  name:
                                    description: 'Name of the referent. More info:
                                      https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                      TODO: Add other useful fields. apiVersion, kind,
                                      uid?'
                                    type: string
                                  optional:
                                    description: Specify whether the ConfigMap must
                                      be defined
                                    type: boolean
                                type: object
                              prefix:
                                description: An optional identifier to prepend to
                                  each key in the ConfigMap. Must be a C_IDENTIFIER.
                                type: string
                              secretRef:
                                description: The Secret to select from
                                properties:
                                  name:
                                    description: 'Name of the referent. More info:
                                      https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                      TODO: Add other useful fields. apiVersion, kind,
                                      uid?'
                                    type: string
                                  optional:
                                    description: Specify whether the Secret must be
                                      defined
                                    type: boolean
                                type: object
                            type: object
                          type: array
                        image:
                          description: 'Container image name. More info: https://kubernetes.io/docs/concepts/containers/images
                            This field is optional to allow higher level config management
                            to default or override container images in workload controllers
                            like Deployments and StatefulSets.'
                          type: string
                        imagePullPolicy:
                          description: 'Image pull policy. One of Always, Never, IfNotPresent.
                            Defaults to Always if :latest tag is specified, or IfNotPresent
                            otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images'
                          type: string
                        lifecycle:
                          description: Actions that the management system should take
                            in response to container lifecycle events. Cannot be updated.
                          properties:
                            postStart:
                              description: 'PostStart is called immediately after
                                a container is created. If the handler fails, the
                                container is terminated and restarted according to
                                its restart policy. Other management of the container
                                blocks until the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks'
                              properties:
                                exec:
                                  description: Exec specifies the action to take.
                                  properties:
                                    command:
                                      description: Command is the command line to
                                        execute inside the container, the working
                                        directory for the command  is root ('/') in
                                        the container's filesystem. The command is
                                        simply exec'd, it is not run inside a shell,
                                        so traditional shell instructions ('|', etc)
                                        won't work. To use a shell, you need to explicitly
                                        call out to that shell. Exit status of 0 is
                                        treated as live/healthy and non-zero is unhealthy.
                                      items:
                                        type: string
                                      type: array
                                  type: object
                                httpGet:
                                  description: HTTPGet specifies the http request
                                    to perform.
                                  properties:
                                    host:
                                      description: Host name to connect to, defaults
                                        to the pod IP. You probably want to set "Host"
                                        in httpHeaders instead.
                                      type: string
                                    httpHeaders:
                                      description: Custom headers to set in the request.
                                        HTTP allows repeated headers.
                                      items:
                                        description: HTTPHeader describes a custom
                                          header to be used in HTTP probes
                                        properties:
                                          name:
                                            description: The header field name
                                            type: string
                                          value:
                                            description: The header field value
                                            type: string
                                        required:
                                        - name
                                        - value
                                        type: object
                                      type: array
                                    path:
                                      description: Path to access on the HTTP server.
                                      type: string
                                    port:
                                      anyOf:
                                      - type: integer
                                      - type: string
                                      description: Name or number of the port to access
                                        on the container. Number must be in the range
                                        1 to 65535. Name must be an IANA_SVC_NAME.
                                      x-kubernetes-int-or-string: true
                                    scheme:
                                      description: Scheme to use for connecting to
                                        the host. Defaults to HTTP.
                                      type: string
                                  required:
                                  - port
                                  type: object
                                tcpSocket:
                                  description: Deprecated. TCPSocket is NOT supported
                                    as a LifecycleHandler and kept for the backward
                                    compatibility. There are no validation of this
                                    field and lifecycle hooks will fail in runtime
                                    when tcp handler is specified.
                                  properties:
                                    host:
                                      description: 'Optional: Host name to connect
                                        to, defaults to the pod IP.'
                                      type: string
                                    port:
                                      anyOf:
                                      - type: integer
                                      - type: string
                                      description: Number or name of the port to access
                                        on the container. Number must be in the range
                                        1 to 65535. Name must be an IANA_SVC_NAME.
                                      x-kubernetes-int-or-string: true
                                  required:
                                  - port
                                  type: object
                              type: object
                            preStop:
                              description: 'PreStop is called immediately before a
                                container is terminated due to an API request or management
                                event such as liveness/startup probe failure, preemption,
                                resource contention, etc. The handler is not called
                                if the container crashes or exits. The Pod''s termination
                                grace period countdown begins before the PreStop hook
                                is executed. Regardless of the outcome of the handler,
                                the container will eventually terminate within the
                                Pod''s termination grace period (unless delayed by
                                finalizers). Other management of the container blocks
                                until the hook completes or until the termination
                                grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks'
                              properties:
                                exec:
                                  description: Exec specifies the action to take.
                                  properties:
                                    command:
                                      description: Command is the command line to
                                        execute inside the container, the working
                                        directory for the command  is root ('/') in
                                        the container's filesystem. The command is
                                        simply exec'd, it is not run inside a shell,
                                        so traditional shell instructions ('|', etc)
                                        won't work. To use a shell, you need to explicitly
                                        call out to that shell. Exit status of 0 is
                                        treated as live/healthy and non-zero is unhealthy.
                                      items:
                                        type: string
                                      type: array
                                  type: object
                                httpGet:
                                  description: HTTPGet specifies the http request
                                    to perform.
                                  properties:
                                    host:
                                      description: Host name to connect to, defaults
                                        to the pod IP. You probably want to set "Host"
                                        in httpHeaders instead.
                                      type: string
                                    httpHeaders:
                                      description: Custom headers to set in the request.
                                        HTTP allows repeated headers.
                                      items:
                                        description: HTTPHeader describes a custom
                                          header to be used in HTTP probes
                                        properties:
                                          name:
                                            description: The header field name
                                            type: string
                                          value:
                                            description: The header field value
                                            type: string
                                        required:
                                        - name
                                        - value
                                        type: object
                                      type: array
                                    path:
                                      description: Path to access on the HTTP server.
                                      type: string
                                    port:
                                      anyOf:
                                      - type: integer
                                      - type: string
                                      description: Name or number of the port to access
                                        on the container. Number must be in the range
                                        1 to 65535. Name must be an IANA_SVC_NAME.
                                      x-kubernetes-int-or-string: true
                                    scheme:
                                      description: Scheme to use for connecting to
                                        the host. Defaults to HTTP.
                                      type: string
                                  required:
                                  - port
                                  type: object
                                tcpSocket:
                                  description: Deprecated. TCPSocket is NOT supported
                                    as a LifecycleHandler and kept for the backward
                                    compatibility. There are no validation of this
                                    field and lifecycle hooks will fail in runtime
                                    when tcp handler is specified.
                                  properties:
                                    host:
                                      description: 'Optional: Host name to connect
                                        to, defaults to the pod IP.'
                                      type: string
                                    port:
                                      anyOf:
                                      - type: integer
                                      - type: string
                                      description: Number or name of the port to access
                                        on the container. Number must be in the range
                                        1 to 65535. Name must be an IANA_SVC_NAME.
                                      x-kubernetes-int-or-string: true
                                  required:
                                  - port
                                  type: object
                              type: object
                          type: object
                        livenessProbe:
                          description: 'Periodic probe of container liveness. Container
                            will be restarted if the probe fails. Cannot be updated.
                            More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
                          properties:
                            exec:
                              description: Exec specifies the action to take.
                              properties:
                                command:
                                  description: Command is the command line to execute
                                    inside the container, the working directory for
                                    the command  is root ('/') in the container's
                                    filesystem. The command is simply exec'd, it is
                                    not run inside a shell, so traditional shell instructions
                                    ('|', etc) won't work. To use a shell, you need
                                    to explicitly call out to that shell. Exit status
                                    of 0 is treated as live/healthy and non-zero is
                                    unhealthy.
                                  items:
                                    type: string
                                  type: array
                              type: object
                            failureThreshold:
                              description: Minimum consecutive failures for the probe
                                to be considered failed after having succeeded. Defaults
                                to 3. Minimum value is 1.
                              format: int32
                              type: integer
                            grpc:
                              description: GRPC specifies an action involving a GRPC
                                port. This is a beta field and requires enabling GRPCContainerProbe
                                feature gate.
                              properties:
                                port:
                                  description: Port number of the gRPC service. Number
                                    must be in the range 1 to 65535.
                                  format: int32
                                  type: integer
                                service:
                                  description: "Service is the name of the service
                                    to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
                                    \n If this is not specified, the default behavior
                                    is defined by gRPC."
                                  type: string
                              required:
                              - port
                              type: object
                            httpGet:
                              description: HTTPGet specifies the http request to perform.
                              properties:
                                host:
                                  description: Host name to connect to, defaults to
                                    the pod IP. You probably want to set "Host" in
                                    httpHeaders instead.
                                  type: string
                                httpHeaders:
                                  description: Custom headers to set in the request.
                                    HTTP allows repeated headers.
                                  items:
                                    description: HTTPHeader describes a custom header
                                      to be used in HTTP probes
                                    properties:
                                      name:
                                        description: The header field name
                                        type: string
                                      value:
                                        description: The header field value
                                        type: string
                                    required:
                                    - name
                                    - value
                                    type: object
                                  type: array
                                path:
                                  description: Path to access on the HTTP server.
                                  type: string
                                port:
                                  anyOf:
                                  - type: integer
                                  - type: string
                                  description: Name or number of the port to access
                                    on the container. Number must be in the range
                                    1 to 65535. Name must be an IANA_SVC_NAME.
                                  x-kubernetes-int-or-string: true
                                scheme:
                                  description: Scheme to use for connecting to the
                                    host. Defaults to HTTP.
                                  type: string
                              required:
                              - port
                              type: object
                            initialDelaySeconds:
                              description: 'Number of seconds after the container
                                has started before liveness probes are initiated.
                                More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
                              format: int32
                              type: integer
                            periodSeconds:
                              description: How often (in seconds) to perform the probe.
                                Default to 10 seconds. Minimum value is 1.
                              format: int32
                              type: integer
                            successThreshold:
                              description: Minimum consecutive successes for the probe
                                to be considered successful after having failed. Defaults
                                to 1. Must be 1 for liveness and startup. Minimum
                                value is 1.
                              format: int32
                              type: integer
                            tcpSocket:
                              description: TCPSocket specifies an action involving
                                a TCP port.
                              properties:
                                host:
                                  description: 'Optional: Host name to connect to,
                                    defaults to the pod IP.'
                                  type: string
                                port:
                                  anyOf:
                                  - type: integer
                                  - type: string
                                  description: Number or name of the port to access
                                    on the container. Number must be in the range
                                    1 to 65535. Name must be an IANA_SVC_NAME.
                                  x-kubernetes-int-or-string: true
                              required:
                              - port
                              type: object
                            terminationGracePeriodSeconds:
                              description: Optional duration in seconds the pod needs
                                to terminate gracefully upon probe failure. The grace
                                period is the duration in seconds after the processes
                                running in the pod are sent a termination signal and
                                the time when the processes are forcibly halted with
                                a kill signal. Set this value longer than the expected
                                cleanup time for your process. If this value is nil,
                                the pod's terminationGracePeriodSeconds will be used.
                                Otherwise, this value overrides the value provided
                                by the pod spec. Value must be non-negative integer.
                                The value zero indicates stop immediately via the
                                kill signal (no opportunity to shut down). This is
                                a beta field and requires enabling ProbeTerminationGracePeriod
                                feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds
                                is used if unset.
                              format: int64
                              type: integer
                            timeoutSeconds:
                              description: 'Number of seconds after which the probe
                                times out. Defaults to 1 second. Minimum value is
                                1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
                              format: int32
                              type: integer
                          type: object
                        name:
                          description: Name of the container specified as a DNS_LABEL.
                            Each container in a pod must have a unique name (DNS_LABEL).
                            Cannot be updated.
                          type: string
                        ports:
                          description: List of ports to expose from the container.
                            Exposing a port here gives the system additional information
                            about the network connections a container uses, but is
                            primarily informational. Not specifying a port here DOES
                            NOT prevent that port from being exposed. Any port which
                            is listening on the default "0.0.0.0" address inside a
                            container will be accessible from the network. Cannot
                            be updated.
                          items:
                            description: ContainerPort represents a network port in
                              a single container.
                            properties:
                              containerPort:
                                description: Number of port to expose on the pod's
                                  IP address. This must be a valid port number, 0
                                  < x < 65536.
                                format: int32
                                type: integer
                              hostIP:
                                description: What host IP to bind the external port
                                  to.
                                type: string
                              hostPort:
                                description: Number of port to expose on the host.
                                  If specified, this must be a valid port number,
                                  0 < x < 65536. If HostNetwork is specified, this
                                  must match ContainerPort. Most containers do not
                                  need this.
                                format: int32
                                type: integer
                              name:
                                description: If specified, this must be an IANA_SVC_NAME
                                  and unique within the pod. Each named port in a
                                  pod must have a unique name. Name for the port that
                                  can be referred to by services.
                                type: string
                              protocol:
                                default: TCP
                                description: Protocol for port. Must be UDP, TCP,
                                  or SCTP. Defaults to "TCP".
                                type: string
                            required:
                            - containerPort
                            type: object
                          type: array
                          x-kubernetes-list-map-keys:
                          - containerPort
                          - protocol
                          x-kubernetes-list-type: map
                        readinessProbe:
                          description: 'Periodic probe of container service readiness.
                            Container will be removed from service endpoints if the
                            probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
                          properties:
                            exec:
                              description: Exec specifies the action to take.
                              properties:
                                command:
                                  description: Command is the command line to execute
                                    inside the container, the working directory for
                                    the command  is root ('/') in the container's
                                    filesystem. The command is simply exec'd, it is
                                    not run inside a shell, so traditional shell instructions
                                    ('|', etc) won't work. To use a shell, you need
                                    to explicitly call out to that shell. Exit status
                                    of 0 is treated as live/healthy and non-zero is
                                    unhealthy.
                                  items:
                                    type: string
                                  type: array
                              type: object
                            failureThreshold:
                              description: Minimum consecutive failures for the probe
                                to be considered failed after having succeeded. Defaults
                                to 3. Minimum value is 1.
                              format: int32
                              type: integer
                            grpc:
                              description: GRPC specifies an action involving a GRPC
                                port. This is a beta field and requires enabling GRPCContainerProbe
                                feature gate.
                              properties:
                                port:
                                  description: Port number of the gRPC service. Number
                                    must be in the range 1 to 65535.
                                  format: int32
                                  type: integer
                                service:
                                  description: "Service is the name of the service
                                    to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
                                    \n If this is not specified, the default behavior
                                    is defined by gRPC."
                                  type: string
                              required:
                              - port
                              type: object
                            httpGet:
                              description: HTTPGet specifies the http request to perform.
                              properties:
                                host:
                                  description: Host name to connect to, defaults to
                                    the pod IP. You probably want to set "Host" in
                                    httpHeaders instead.
                                  type: string
                                httpHeaders:
                                  description: Custom headers to set in the request.
                                    HTTP allows repeated headers.
                                  items:
                                    description: HTTPHeader describes a custom header
                                      to be used in HTTP probes
                                    properties:
                                      name:
                                        description: The header field name
                                        type: string
                                      value:
                                        description: The header field value
                                        type: string
                                    required:
                                    - name
                                    - value
                                    type: object
                                  type: array
                                path:
                                  description: Path to access on the HTTP server.
                                  type: string
                                port:
                                  anyOf:
                                  - type: integer
                                  - type: string
                                  description: Name or number of the port to access
                                    on the container. Number must be in the range
                                    1 to 65535. Name must be an IANA_SVC_NAME.
                                  x-kubernetes-int-or-string: true
                                scheme:
                                  description: Scheme to use for connecting to the
                                    host. Defaults to HTTP.
                                  type: string
                              required:
                              - port
                              type: object
                            initialDelaySeconds:
                              description: 'Number of seconds after the container
                                has started before liveness probes are initiated.
                                More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
                              format: int32
                              type: integer
                            periodSeconds:
                              description: How often (in seconds) to perform the probe.
                                Default to 10 seconds. Minimum value is 1.
                              format: int32
                              type: integer
                            successThreshold:
                              description: Minimum consecutive successes for the probe
                                to be considered successful after having failed. Defaults
                                to 1. Must be 1 for liveness and startup. Minimum
                                value is 1.
                              format: int32
                              type: integer
                            tcpSocket:
                              description: TCPSocket specifies an action involving
                                a TCP port.
                              properties:
                                host:
                                  description: 'Optional: Host name to connect to,
                                    defaults to the pod IP.'
                                  type: string
                                port:
                                  anyOf:
                                  - type: integer
                                  - type: string
                                  description: Number or name of the port to access
                                    on the container. Number must be in the range
                                    1 to 65535. Name must be an IANA_SVC_NAME.
                                  x-kubernetes-int-or-string: true
                              required:
                              - port
                              type: object
                            terminationGracePeriodSeconds:
                              description: Optional duration in seconds the pod needs
                                to terminate gracefully upon probe failure. The grace
                                period is the duration in seconds after the processes
                                running in the pod are sent a termination signal and
                                the time when the processes are forcibly halted with
                                a kill signal. Set this value longer than the expected
                                cleanup time for your process. If this value is nil,
                                the pod's terminationGracePeriodSeconds will be used.
                                Otherwise, this value overrides the value provided
                                by the pod spec. Value must be non-negative integer.
                                The value zero indicates stop immediately via the
                                kill signal (no opportunity to shut down). This is
                                a beta field and requires enabling ProbeTerminationGracePeriod
                                feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds
                                is used if unset.
                              format: int64
                              type: integer
                            timeoutSeconds:
                              description: 'Number of seconds after which the probe
                                times out. Defaults to 1 second. Minimum value is
                                1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
                              format: int32
                              type: integer
                          type: object
                        resources:
                          description: 'Compute Resources required by this container.
                            Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
                          properties:
                            limits:
                              additionalProperties:
                                anyOf:
                                - type: integer
                                - type: string
                                pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                                x-kubernetes-int-or-string: true
                              description: 'Limits describes the maximum amount of
                                compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
                              type: object
                            requests:
                              additionalProperties:
                                anyOf:
                                - type: integer
                                - type: string
                                pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                                x-kubernetes-int-or-string: true
                              description: 'Requests describes the minimum amount
                                of compute resources required. If Requests is omitted
                                for a container, it defaults to Limits if that is
                                explicitly specified, otherwise to an implementation-defined
                                value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
                              type: object
                          type: object
                        securityContext:
                          description: 'SecurityContext defines the security options
                            the container should be run with. If set, the fields of
                            SecurityContext override the equivalent fields of PodSecurityContext.
                            More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/'
                          properties:
                            allowPrivilegeEscalation:
                              description: 'AllowPrivilegeEscalation controls whether
                                a process can gain more privileges than its parent
                                process. This bool directly controls if the no_new_privs
                                flag will be set on the container process. AllowPrivilegeEscalation
                                is true always when the container is: 1) run as Privileged
                                2) has CAP_SYS_ADMIN Note that this field cannot be
                                set when spec.os.name is windows.'
                              type: boolean
                            capabilities:
                              description: The capabilities to add/drop when running
                                containers. Defaults to the default set of capabilities
                                granted by the container runtime. Note that this field
                                cannot be set when spec.os.name is windows.
                              properties:
                                add:
                                  description: Added capabilities
                                  items:
                                    description: Capability represent POSIX capabilities
                                      type
                                    type: string
                                  type: array
                                drop:
                                  description: Removed capabilities
                                  items:
                                    description: Capability represent POSIX capabilities
                                      type
                                    type: string
                                  type: array
                              type: object
                            privileged:
                              description: Run container in privileged mode. Processes
                                in privileged containers are essentially equivalent
                                to root on the host. Defaults to false. Note that
                                this field cannot be set when spec.os.name is windows.
                              type: boolean
                            procMount:
                              description: procMount denotes the type of proc mount
                                to use for the containers. The default is DefaultProcMount
                                which uses the container runtime defaults for readonly
                                paths and masked paths. This requires the ProcMountType
                                feature flag to be enabled. Note that this field cannot
                                be set when spec.os.name is windows.
                              type: string
                            readOnlyRootFilesystem:
                              description: Whether this container has a read-only
                                root filesystem. Default is false. Note that this
                                field cannot be set when spec.os.name is windows.
                              type: boolean
                            runAsGroup:
                              description: The GID to run the entrypoint of the container
                                process. Uses runtime default if unset. May also be
                                set in PodSecurityContext.  If set in both SecurityContext
                                and PodSecurityContext, the value specified in SecurityContext
                                takes precedence. Note that this field cannot be set
                                when spec.os.name is windows.
                              format: int64
                              type: integer
                            runAsNonRoot:
                              description: Indicates that the container must run as
                                a non-root user. If true, the Kubelet will validate
                                the image at runtime to ensure that it does not run
                                as UID 0 (root) and fail to start the container if
                                it does. If unset or false, no such validation will
                                be performed. May also be set in PodSecurityContext.  If
                                set in both SecurityContext and PodSecurityContext,
                                the value specified in SecurityContext takes precedence.
                              type: boolean
                            runAsUser:
                              description: The UID to run the entrypoint of the container
                                process. Defaults to user specified in image metadata
                                if unspecified. May also be set in PodSecurityContext.  If
                                set in both SecurityContext and PodSecurityContext,
                                the value specified in SecurityContext takes precedence.
                                Note that this field cannot be set when spec.os.name
                                is windows.
                              format: int64
                              type: integer
                            seLinuxOptions:
                              description: The SELinux context to be applied to the
                                container. If unspecified, the container runtime will
                                allocate a random SELinux context for each container.  May
                                also be set in PodSecurityContext.  If set in both
                                SecurityContext and PodSecurityContext, the value
                                specified in SecurityContext takes precedence. Note
                                that this field cannot be set when spec.os.name is
                                windows.
                              properties:
                                level:
                                  description: Level is SELinux level label that applies
                                    to the container.
                                  type: string
                                role:
                                  description: Role is a SELinux role label that applies
                                    to the container.
                                  type: string
                                type:
                                  description: Type is a SELinux type label that applies
                                    to the container.
                                  type: string
                                user:
                                  description: User is a SELinux user label that applies
                                    to the container.
                                  type: string
                              type: object
                            seccompProfile:
                              description: The seccomp options to use by this container.
                                If seccomp options are provided at both the pod &
                                container level, the container options override the
                                pod options. Note that this field cannot be set when
                                spec.os.name is windows.
                              properties:
                                localhostProfile:
                                  description: localhostProfile indicates a profile
                                    defined in a file on the node should be used.
                                    The profile must be preconfigured on the node
                                    to work. Must be a descending path, relative to
                                    the kubelet's configured seccomp profile location.
                                    Must only be set if type is "Localhost".
                                  type: string
                                type:
                                  description: "type indicates which kind of seccomp
                                    profile will be applied. Valid options are: \n
                                    Localhost - a profile defined in a file on the
                                    node should be used. RuntimeDefault - the container
                                    runtime default profile should be used. Unconfined
                                    - no profile should be applied."
                                  type: string
                              required:
                              - type
                              type: object
                            windowsOptions:
                              description: The Windows specific settings applied to
                                all containers. If unspecified, the options from the
                                PodSecurityContext will be used. If set in both SecurityContext
                                and PodSecurityContext, the value specified in SecurityContext
                                takes precedence. Note that this field cannot be set
                                when spec.os.name is linux.
                              properties:
                                gmsaCredentialSpec:
                                  description: GMSACredentialSpec is where the GMSA
                                    admission webhook (https://github.com/kubernetes-sigs/windows-gmsa)
                                    inlines the contents of the GMSA credential spec
                                    named by the GMSACredentialSpecName field.
                                  type: string
                                gmsaCredentialSpecName:
                                  description: GMSACredentialSpecName is the name
                                    of the GMSA credential spec to use.
                                  type: string
                                hostProcess:
                                  description: HostProcess determines if a container
                                    should be run as a 'Host Process' container. This
                                    field is alpha-level and will only be honored
                                    by components that enable the WindowsHostProcessContainers
                                    feature flag. Setting this field without the feature
                                    flag will result in errors when validating the
                                    Pod. All of a Pod's containers must have the same
                                    effective HostProcess value (it is not allowed
                                    to have a mix of HostProcess containers and non-HostProcess
                                    containers).  In addition, if HostProcess is true
                                    then HostNetwork must also be set to true.
                                  type: boolean
                                runAsUserName:
                                  description: The UserName in Windows to run the
                                    entrypoint of the container process. Defaults
                                    to the user specified in image metadata if unspecified.
                                    May also be set in PodSecurityContext. If set
                                    in both SecurityContext and PodSecurityContext,
                                    the value specified in SecurityContext takes precedence.
                                  type: string
                              type: object
                          type: object
                        startupProbe:
                          description: 'StartupProbe indicates that the Pod has successfully
                            initialized. If specified, no other probes are executed
                            until this completes successfully. If this probe fails,
                            the Pod will be restarted, just as if the livenessProbe
                            failed. This can be used to provide different probe parameters
                            at the beginning of a Pod''s lifecycle, when it might
                            take a long time to load data or warm a cache, than during
                            steady-state operation. This cannot be updated. More info:
                            https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
                          properties:
                            exec:
                              description: Exec specifies the action to take.
                              properties:
                                command:
                                  description: Command is the command line to execute
                                    inside the container, the working directory for
                                    the command  is root ('/') in the container's
                                    filesystem. The command is simply exec'd, it is
                                    not run inside a shell, so traditional shell instructions
                                    ('|', etc) won't work. To use a shell, you need
                                    to explicitly call out to that shell. Exit status
                                    of 0 is treated as live/healthy and non-zero is
                                    unhealthy.
                                  items:
                                    type: string
                                  type: array
                              type: object
                            failureThreshold:
                              description: Minimum consecutive failures for the probe
                                to be considered failed after having succeeded. Defaults
                                to 3. Minimum value is 1.
                              format: int32
                              type: integer
                            grpc:
                              description: GRPC specifies an action involving a GRPC
                                port. This is a beta field and requires enabling GRPCContainerProbe
                                feature gate.
                              properties:
                                port:
                                  description: Port number of the gRPC service. Number
                                    must be in the range 1 to 65535.
                                  format: int32
                                  type: integer
                                service:
                                  description: "Service is the name of the service
                                    to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
                                    \n If this is not specified, the default behavior
                                    is defined by gRPC."
                                  type: string
                              required:
                              - port
                              type: object
                            httpGet:
                              description: HTTPGet specifies the http request to perform.
                              properties:
                                host:
                                  description: Host name to connect to, defaults to
                                    the pod IP. You probably want to set "Host" in
                                    httpHeaders instead.
                                  type: string
                                httpHeaders:
                                  description: Custom headers to set in the request.
                                    HTTP allows repeated headers.
                                  items:
                                    description: HTTPHeader describes a custom header
                                      to be used in HTTP probes
                                    properties:
                                      name:
                                        description: The header field name
                                        type: string
                                      value:
                                        description: The header field value
                                        type: string
                                    required:
                                    - name
                                    - value
                                    type: object
                                  type: array
                                path:
                                  description: Path to access on the HTTP server.
                                  type: string
                                port:
                                  anyOf:
                                  - type: integer
                                  - type: string
                                  description: Name or number of the port to access
                                    on the container. Number must be in the range
                                    1 to 65535. Name must be an IANA_SVC_NAME.
                                  x-kubernetes-int-or-string: true
                                scheme:
                                  description: Scheme to use for connecting to the
                                    host. Defaults to HTTP.
                                  type: string
                              required:
                              - port
                              type: object
                            initialDelaySeconds:
                              description: 'Number of seconds after the container
                                has started before liveness probes are initiated.
                                More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
                              format: int32
                              type: integer
                            periodSeconds:
                              description: How often (in seconds) to perform the probe.
                                Default to 10 seconds. Minimum value is 1.
                              format: int32
                              type: integer
                            successThreshold:
                              description: Minimum consecutive successes for the probe
                                to be considered successful after having failed. Defaults
                                to 1. Must be 1 for liveness and startup. Minimum
                                value is 1.
                              format: int32
                              type: integer
                            tcpSocket:
                              description: TCPSocket specifies an action involving
                                a TCP port.
                              properties:
                                host:
                                  description: 'Optional: Host name to connect to,
                                    defaults to the pod IP.'
                                  type: string
                                port:
                                  anyOf:
                                  - type: integer
                                  - type: string
                                  description: Number or name of the port to access
                                    on the container. Number must be in the range
                                    1 to 65535. Name must be an IANA_SVC_NAME.
                                  x-kubernetes-int-or-string: true
                              required:
                              - port
                              type: object
                            terminationGracePeriodSeconds:
                              description: Optional duration in seconds the pod needs
                                to terminate gracefully upon probe failure. The grace
                                period is the duration in seconds after the processes
                                running in the pod are sent a termination signal and
                                the time when the processes are forcibly halted with
                                a kill signal. Set this value longer than the expected
                                cleanup time for your process. If this value is nil,
                                the pod's terminationGracePeriodSeconds will be used.
                                Otherwise, this value overrides the value provided
                                by the pod spec. Value must be non-negative integer.
                                The value zero indicates stop immediately via the
                                kill signal (no opportunity to shut down). This is
                                a beta field and requires enabling ProbeTerminationGracePeriod
                                feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds
                                is used if unset.
                              format: int64
                              type: integer
                            timeoutSeconds:
                              description: 'Number of seconds after which the probe
                                times out. Defaults to 1 second. Minimum value is
                                1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
                              format: int32
                              type: integer
                          type: object
                        stdin:
                          description: Whether this container should allocate a buffer
                            for stdin in the container runtime. If this is not set,
                            reads from stdin in the container will always result in
                            EOF. Default is false.
                          type: boolean
                        stdinOnce:
                          description: Whether the container runtime should close
                            the stdin channel after it has been opened by a single
                            attach. When stdin is true the stdin stream will remain
                            open across multiple attach sessions. If stdinOnce is
                            set to true, stdin is opened on container start, is empty
                            until the first client attaches to stdin, and then remains
                            open and accepts data until the client disconnects, at
                            which time stdin is closed and remains closed until the
                            container is restarted. If this flag is false, a container
                            processes that reads from stdin will never receive an
                            EOF. Default is false
                          type: boolean
                        terminationMessagePath:
                          description: 'Optional: Path at which the file to which
                            the container''s termination message will be written is
                            mounted into the container''s filesystem. Message written
                            is intended to be brief final status, such as an assertion
                            failure message. Will be truncated by the node if greater
                            than 4096 bytes. The total message length across all containers
                            will be limited to 12kb. Defaults to /dev/termination-log.
                            Cannot be updated.'
                          type: string
                        terminationMessagePolicy:
                          description: Indicate how the termination message should
                            be populated. File will use the contents of terminationMessagePath
                            to populate the container status message on both success
                            and failure. FallbackToLogsOnError will use the last chunk
                            of container log output if the termination message file
                            is empty and the container exited with an error. The log
                            output is limited to 2048 bytes or 80 lines, whichever
                            is smaller. Defaults to File. Cannot be updated.
                          type: string
                        tty:
                          description: Whether this container should allocate a TTY
                            for itself, also requires 'stdin' to be true. Default
                            is false.
                          type: boolean
                        volumeDevices:
                          description: volumeDevices is the list of block devices
                            to be used by the container.
                          items:
                            description: volumeDevice describes a mapping of a raw
                              block device within a container.
                            properties:
                              devicePath:
                                description: devicePath is the path inside of the
                                  container that the device will be mapped to.
                                type: string
                              name:
                                description: name must match the name of a persistentVolumeClaim
                                  in the pod
                                type: string
                            required:
                            - devicePath
                            - name
                            type: object
                          type: array
                        volumeMounts:
                          description: Pod volumes to mount into the container's filesystem.
                            Cannot be updated.
                          items:
                            description: VolumeMount describes a mounting of a Volume
                              within a container.
                            properties:
                              mountPath:
                                description: Path within the container at which the
                                  volume should be mounted.  Must not contain ':'.
                                type: string
                              mountPropagation:
                                description: mountPropagation determines how mounts
                                  are propagated from the host to container and the
                                  other way around. When not set, MountPropagationNone
                                  is used. This field is beta in 1.10.
                                type: string
                              name:
                                description: This must match the Name of a Volume.
                                type: string
                              readOnly:
                                description: Mounted read-only if true, read-write
                                  otherwise (false or unspecified). Defaults to false.
                                type: boolean
                              subPath:
                                description: Path within the volume from which the
                                  container's volume should be mounted. Defaults to
                                  "" (volume's root).
                                type: string
                              subPathExpr:
                                description: Expanded path within the volume from
                                  which the container's volume should be mounted.
                                  Behaves similarly to SubPath but environment variable
                                  references $(VAR_NAME) are expanded using the container's
                                  environment. Defaults to "" (volume's root). SubPathExpr
                                  and SubPath are mutually exclusive.
                                type: string
                            required:
                            - mountPath
                            - name
                            type: object
                          type: array
                        workingDir:
                          description: Container's working directory. If not specified,
                            the container runtime's default will be used, which might
                            be configured in the container image. Cannot be updated.
                          type: string
                      required:
                      - name
                      type: object
                    type: array
                  nodeName:
                    description: NodeName is a request to schedule this pod onto a
                      specific node. If it is non-empty, the scheduler simply schedules
                      this pod onto that node, assuming that it fits resource requirements.
                    type: string
                  nodeSelector:
                    additionalProperties:
                      type: string
                    description: 'NodeSelector is a selector which must be true for
                      the pod to fit on a node. Selector which must match a node''s
                      labels for the pod to be scheduled on that node. More info:
                      https://kubernetes.io/docs/concepts/configuration/assign-pod-node/'
                    type: object
                    x-kubernetes-map-type: atomic
                  os:
                    description: "Specifies the OS of the containers in the pod. Some
                      pod and container fields are restricted if this is set. \n If
                      the OS field is set to linux, the following fields must be unset:
                      -securityContext.windowsOptions \n If the OS field is set to
                      windows, following fields must be unset: - spec.hostPID - spec.hostIPC
                      - spec.securityContext.seLinuxOptions - spec.securityContext.seccompProfile
                      - spec.securityContext.fsGroup - spec.securityContext.fsGroupChangePolicy
                      - spec.securityContext.sysctls - spec.shareProcessNamespace
                      - spec.securityContext.runAsUser - spec.securityContext.runAsGroup
                      - spec.securityContext.supplementalGroups - spec.containers[*].securityContext.seLinuxOptions
                      - spec.containers[*].securityContext.seccompProfile - spec.containers[*].securityContext.capabilities
                      - spec.containers[*].securityContext.readOnlyRootFilesystem
                      - spec.containers[*].securityContext.privileged - spec.containers[*].securityContext.allowPrivilegeEscalation
                      - spec.containers[*].securityContext.procMount - spec.containers[*].securityContext.runAsUser
                      - spec.containers[*].securityContext.runAsGroup This is a beta
                      field and requires the IdentifyPodOS feature"
                    properties:
                      name:
                        description: 'Name is the name of the operating system. The
                          currently supported values are linux and windows. Additional
                          value may be defined in future and can be one of: https://github.com/opencontainers/runtime-spec/blob/master/config.md#platform-specific-configuration
                          Clients should expect to handle additional values and treat
                          unrecognized values in this field as os: null'
                        type: string
                    required:
                    - name
                    type: object
                  overhead:
                    additionalProperties:
                      anyOf:
                      - type: integer
                      - type: string
                      pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                      x-kubernetes-int-or-string: true
                    description: 'Overhead represents the resource overhead associated
                      with running a pod for a given RuntimeClass. This field will
                      be autopopulated at admission time by the RuntimeClass admission
                      controller. If the RuntimeClass admission controller is enabled,
                      overhead must not be set in Pod create requests. The RuntimeClass
                      admission controller will reject Pod create requests which have
                      the overhead already set. If RuntimeClass is configured and
                      selected in the PodSpec, Overhead will be set to the value defined
                      in the corresponding RuntimeClass, otherwise it will remain
                      unset and treated as zero. More info: https://git.k8s.io/enhancements/keps/sig-node/688-pod-overhead/README.md'
                    type: object
                  preemptionPolicy:
                    description: PreemptionPolicy is the Policy for preempting pods
                      with lower priority. One of Never, PreemptLowerPriority. Defaults
                      to PreemptLowerPriority if unset.
                    type: string
                  priority:
                    description: The priority value. Various system components use
                      this field to find the priority of the pod. When Priority Admission
                      Controller is enabled, it prevents users from setting this field.
                      The admission controller populates this field from PriorityClassName.
                      The higher the value, the higher the priority.
                    format: int32
                    type: integer
                  priorityClassName:
                    description: If specified, indicates the pod's priority. "system-node-critical"
                      and "system-cluster-critical" are two special keywords which
                      indicate the highest priorities with the former being the highest
                      priority. Any other name must be defined by creating a PriorityClass
                      object with that name. If not specified, the pod priority will
                      be default or zero if there is no default.
                    type: string
                  readinessGates:
                    description: 'If specified, all readiness gates will be evaluated
                      for pod readiness. A pod is ready when all its containers are
                      ready AND all conditions specified in the readiness gates have
                      status equal to "True" More info: https://git.k8s.io/enhancements/keps/sig-network/580-pod-readiness-gates'
                    items:
                      description: PodReadinessGate contains the reference to a pod
                        condition
                      properties:
                        conditionType:
                          description: ConditionType refers to a condition in the
                            pod's condition list with matching type.
                          type: string
                      required:
                      - conditionType
                      type: object
                    type: array
                  restartPolicy:
                    description: 'Restart policy for all containers within the pod.
                      One of Always, OnFailure, Never. Default to Always. More info:
                      https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy'
                    type: string
                  runtimeClassName:
                    description: 'RuntimeClassName refers to a RuntimeClass object
                      in the node.k8s.io group, which should be used to run this pod.  If
                      no RuntimeClass resource matches the named class, the pod will
                      not be run. If unset or empty, the "legacy" RuntimeClass will
                      be used, which is an implicit class with an empty definition
                      that uses the default runtime handler. More info: https://git.k8s.io/enhancements/keps/sig-node/585-runtime-class'
                    type: string
                  schedulerName:
                    description: If specified, the pod will be dispatched by specified
                      scheduler. If not specified, the pod will be dispatched by default
                      scheduler.
                    type: string
                  securityContext:
                    description: 'SecurityContext holds pod-level security attributes
                      and common container settings. Optional: Defaults to empty.  See
                      type description for default values of each field.'
                    properties:
                      fsGroup:
                        description: "A special supplemental group that applies to
                          all containers in a pod. Some volume types allow the Kubelet
                          to change the ownership of that volume to be owned by the
                          pod: \n 1. The owning GID will be the FSGroup 2. The setgid
                          bit is set (new files created in the volume will be owned
                          by FSGroup) 3. The permission bits are OR'd with rw-rw----
                          \n If unset, the Kubelet will not modify the ownership and
                          permissions of any volume. Note that this field cannot be
                          set when spec.os.name is windows."
                        format: int64
                        type: integer
                      fsGroupChangePolicy:
                        description: 'fsGroupChangePolicy defines behavior of changing
                          ownership and permission of the volume before being exposed
                          inside Pod. This field will only apply to volume types which
                          support fsGroup based ownership(and permissions). It will
                          have no effect on ephemeral volume types such as: secret,
                          configmaps and emptydir. Valid values are "OnRootMismatch"
                          and "Always". If not specified, "Always" is used. Note that
                          this field cannot be set when spec.os.name is windows.'
                        type: string
                      runAsGroup:
                        description: The GID to run the entrypoint of the container
                          process. Uses runtime default if unset. May also be set
                          in SecurityContext.  If set in both SecurityContext and
                          PodSecurityContext, the value specified in SecurityContext
                          takes precedence for that container. Note that this field
                          cannot be set when spec.os.name is windows.
                        format: int64
                        type: integer
                      runAsNonRoot:
                        description: Indicates that the container must run as a non-root
                          user. If true, the Kubelet will validate the image at runtime
                          to ensure that it does not run as UID 0 (root) and fail
                          to start the container if it does. If unset or false, no
                          such validation will be performed. May also be set in SecurityContext.  If
                          set in both SecurityContext and PodSecurityContext, the
                          value specified in SecurityContext takes precedence.
                        type: boolean
                      runAsUser:
                        description: The UID to run the entrypoint of the container
                          process. Defaults to user specified in image metadata if
                          unspecified. May also be set in SecurityContext.  If set
                          in both SecurityContext and PodSecurityContext, the value
                          specified in SecurityContext takes precedence for that container.
                          Note that this field cannot be set when spec.os.name is
                          windows.
                        format: int64
                        type: integer
                      seLinuxOptions:
                        description: The SELinux context to be applied to all containers.
                          If unspecified, the container runtime will allocate a random
                          SELinux context for each container.  May also be set in
                          SecurityContext.  If set in both SecurityContext and PodSecurityContext,
                          the value specified in SecurityContext takes precedence
                          for that container. Note that this field cannot be set when
                          spec.os.name is windows.
                        properties:
                          level:
                            description: Level is SELinux level label that applies
                              to the container.
                            type: string
                          role:
                            description: Role is a SELinux role label that applies
                              to the container.
                            type: string
                          type:
                            description: Type is a SELinux type label that applies
                              to the container.
                            type: string
                          user:
                            description: User is a SELinux user label that applies
                              to the container.
                            type: string
                        type: object
                      seccompProfile:
                        description: The seccomp options to use by the containers
                          in this pod. Note that this field cannot be set when spec.os.name
                          is windows.
                        properties:
                          localhostProfile:
                            description: localhostProfile indicates a profile defined
                              in a file on the node should be used. The profile must
                              be preconfigured on the node to work. Must be a descending
                              path, relative to the kubelet's configured seccomp profile
                              location. Must only be set if type is "Localhost".
                            type: string
                          type:
                            description: "type indicates which kind of seccomp profile
                              will be applied. Valid options are: \n Localhost - a
                              profile defined in a file on the node should be used.
                              RuntimeDefault - the container runtime default profile
                              should be used. Unconfined - no profile should be applied."
                            type: string
                        required:
                        - type
                        type: object
                      supplementalGroups:
                        description: A list of groups applied to the first process
                          run in each container, in addition to the container's primary
                          GID.  If unspecified, no groups will be added to any container.
                          Note that this field cannot be set when spec.os.name is
                          windows.
                        items:
                          format: int64
                          type: integer
                        type: array
                      sysctls:
                        description: Sysctls hold a list of namespaced sysctls used
                          for the pod. Pods with unsupported sysctls (by the container
                          runtime) might fail to launch. Note that this field cannot
                          be set when spec.os.name is windows.
                        items:
                          description: Sysctl defines a kernel parameter to be set
                          properties:
                            name:
                              description: Name of a property to set
                              type: string
                            value:
                              description: Value of a property to set
                              type: string
                          required:
                          - name
                          - value
                          type: object
                        type: array
                      windowsOptions:
                        description: The Windows specific settings applied to all
                          containers. If unspecified, the options within a container's
                          SecurityContext will be used. If set in both SecurityContext
                          and PodSecurityContext, the value specified in SecurityContext
                          takes precedence. Note that this field cannot be set when
                          spec.os.name is linux.
                        properties:
                          gmsaCredentialSpec:
                            description: GMSACredentialSpec is where the GMSA admission
                              webhook (https://github.com/kubernetes-sigs/windows-gmsa)
                              inlines the contents of the GMSA credential spec named
                              by the GMSACredentialSpecName field.
                            type: string
                          gmsaCredentialSpecName:
                            description: GMSACredentialSpecName is the name of the
                              GMSA credential spec to use.
                            type: string
                          hostProcess:
                            description: HostProcess determines if a container should
                              be run as a 'Host Process' container. This field is
                              alpha-level and will only be honored by components that
                              enable the WindowsHostProcessContainers feature flag.
                              Setting this field without the feature flag will result
                              in errors when validating the Pod. All of a Pod's containers
                              must have the same effective HostProcess value (it is
                              not allowed to have a mix of HostProcess containers
                              and non-HostProcess containers).  In addition, if HostProcess
                              is true then HostNetwork must also be set to true.
                            type: boolean
                          runAsUserName:
                            description: The UserName in Windows to run the entrypoint
                              of the container process. Defaults to the user specified
                              in image metadata if unspecified. May also be set in
                              PodSecurityContext. If set in both SecurityContext and
                              PodSecurityContext, the value specified in SecurityContext
                              takes precedence.
                            type: string
                        type: object
                    type: object
                  serviceAccount:
                    description: 'DeprecatedServiceAccount is a depreciated alias
                      for ServiceAccountName. Deprecated: Use serviceAccountName instead.'
                    type: string
                  serviceAccountName:
                    description: 'ServiceAccountName is the name of the ServiceAccount
                      to use to run this pod. More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/'
                    type: string
                  setHostnameAsFQDN:
                    description: If true the pod's hostname will be configured as
                      the pod's FQDN, rather than the leaf name (the default). In
                      Linux containers, this means setting the FQDN in the hostname
                      field of the kernel (the nodename field of struct utsname).
                      In Windows containers, this means setting the registry value
                      of hostname for the registry key HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\Tcpip\\Parameters
                      to FQDN. If a pod does not have FQDN, this has no effect. Default
                      to false.
                    type: boolean
                  shareProcessNamespace:
                    description: 'Share a single process namespace between all of
                      the containers in a pod. When this is set containers will be
                      able to view and signal processes from other containers in the
                      same pod, and the first process in each container will not be
                      assigned PID 1. HostPID and ShareProcessNamespace cannot both
                      be set. Optional: Default to false.'
                    type: boolean
                  subdomain:
                    description: If specified, the fully qualified Pod hostname will
                      be "<hostname>.<subdomain>.<pod namespace>.svc.<cluster domain>".
                      If not specified, the pod will not have a domainname at all.
                    type: string
                  terminationGracePeriodSeconds:
                    description: Optional duration in seconds the pod needs to terminate
                      gracefully. May be decreased in delete request. Value must be
                      non-negative integer. The value zero indicates stop immediately
                      via the kill signal (no opportunity to shut down). If this value
                      is nil, the default grace period will be used instead. The grace
                      period is the duration in seconds after the processes running
                      in the pod are sent a termination signal and the time when the
                      processes are forcibly halted with a kill signal. Set this value
                      longer than the expected cleanup time for your process. Defaults
                      to 30 seconds.
                    format: int64
                    type: integer
                  tolerations:
                    description: If specified, the pod's tolerations.
                    items:
                      description: The pod this Toleration is attached to tolerates
                        any taint that matches the triple <key,value,effect> using
                        the matching operator <operator>.
                      properties:
                        effect:
                          description: Effect indicates the taint effect to match.
                            Empty means match all taint effects. When specified, allowed
                            values are NoSchedule, PreferNoSchedule and NoExecute.
                          type: string
                        key:
                          description: Key is the taint key that the toleration applies
                            to. Empty means match all taint keys. If the key is empty,
                            operator must be Exists; this combination means to match
                            all values and all keys.
                          type: string
                        operator:
                          description: Operator represents a key's relationship to
                            the value. Valid operators are Exists and Equal. Defaults
                            to Equal. Exists is equivalent to wildcard for value,
                            so that a pod can tolerate all taints of a particular
                            category.
                          type: string
                        tolerationSeconds:
                          description: TolerationSeconds represents the period of
                            time the toleration (which must be of effect NoExecute,
                            otherwise this field is ignored) tolerates the taint.
                            By default, it is not set, which means tolerate the taint
                            forever (do not evict). Zero and negative values will
                            be treated as 0 (evict immediately) by the system.
                          format: int64
                          type: integer
                        value:
                          description: Value is the taint value the toleration matches
                            to. If the operator is Exists, the value should be empty,
                            otherwise just a regular string.
                          type: string
                      type: object
                    type: array
                  topologySpreadConstraints:
                    description: TopologySpreadConstraints describes how a group of
                      pods ought to spread across topology domains. Scheduler will
                      schedule pods in a way which abides by the constraints. All
                      topologySpreadConstraints are ANDed.
                    items:
                      description: TopologySpreadConstraint specifies how to spread
                        matching pods among the given topology.
                      properties:
                        labelSelector:
                          description: LabelSelector is used to find matching pods.
                            Pods that match this label selector are counted to determine
                            the number of pods in their corresponding topology domain.
                          properties:
                            matchExpressions:
                              description: matchExpressions is a list of label selector
                                requirements. The requirements are ANDed.
                              items:
                                description: A label selector requirement is a selector
                                  that contains values, a key, and an operator that
                                  relates the key and values.
                                properties:
                                  key:
                                    description: key is the label key that the selector
                                      applies to.
                                    type: string
                                  operator:
                                    description: operator represents a key's relationship
                                      to a set of values. Valid operators are In,
                                      NotIn, Exists and DoesNotExist.
                                    type: string
                                  values:
                                    description: values is an array of string values.
                                      If the operator is In or NotIn, the values array
                                      must be non-empty. If the operator is Exists
                                      or DoesNotExist, the values array must be empty.
                                      This array is replaced during a strategic merge
                                      patch.
                                    items:
                                      type: string
                                    type: array
                                required:
                                - key
                                - operator
                                type: object
                              type: array
                            matchLabels:
                              additionalProperties:
                                type: string
                              description: matchLabels is a map of {key,value} pairs.
                                A single {key,value} in the matchLabels map is equivalent
                                to an element of matchExpressions, whose key field
                                is "key", the operator is "In", and the values array
                                contains only "value". The requirements are ANDed.
                              type: object
                          type: object
                        maxSkew:
                          description: 'MaxSkew describes the degree to which pods
                            may be unevenly distributed. When `whenUnsatisfiable=DoNotSchedule`,
                            it is the maximum permitted difference between the number
                            of matching pods in the target topology and the global
                            minimum. The global minimum is the minimum number of matching
                            pods in an eligible domain or zero if the number of eligible
                            domains is less than MinDomains. For example, in a 3-zone
                            cluster, MaxSkew is set to 1, and pods with the same labelSelector
                            spread as 2/2/1: In this case, the global minimum is 1.
                            | zone1 | zone2 | zone3 | |  P P  |  P P  |   P   | -
                            if MaxSkew is 1, incoming pod can only be scheduled to
                            zone3 to become 2/2/2; scheduling it onto zone1(zone2)
                            would make the ActualSkew(3-1) on zone1(zone2) violate
                            MaxSkew(1). - if MaxSkew is 2, incoming pod can be scheduled
                            onto any zone. When `whenUnsatisfiable=ScheduleAnyway`,
                            it is used to give higher precedence to topologies that
                            satisfy it. It''s a required field. Default value is 1
                            and 0 is not allowed.'
                          format: int32
                          type: integer
                        minDomains:
                          description: "MinDomains indicates a minimum number of eligible
                            domains. When the number of eligible domains with matching
                            topology keys is less than minDomains, Pod Topology Spread
                            treats \"global minimum\" as 0, and then the calculation
                            of Skew is performed. And when the number of eligible
                            domains with matching topology keys equals or greater
                            than minDomains, this value has no effect on scheduling.
                            As a result, when the number of eligible domains is less
                            than minDomains, scheduler won't schedule more than maxSkew
                            Pods to those domains. If value is nil, the constraint
                            behaves as if MinDomains is equal to 1. Valid values are
                            integers greater than 0. When value is not nil, WhenUnsatisfiable
                            must be DoNotSchedule. \n For example, in a 3-zone cluster,
                            MaxSkew is set to 2, MinDomains is set to 5 and pods with
                            the same labelSelector spread as 2/2/2: | zone1 | zone2
                            | zone3 | |  P P  |  P P  |  P P  | The number of domains
                            is less than 5(MinDomains), so \"global minimum\" is treated
                            as 0. In this situation, new pod with the same labelSelector
                            cannot be scheduled, because computed skew will be 3(3
                            - 0) if new Pod is scheduled to any of the three zones,
                            it will violate MaxSkew. \n This is an alpha field and
                            requires enabling MinDomainsInPodTopologySpread feature
                            gate."
                          format: int32
                          type: integer
                        topologyKey:
                          description: TopologyKey is the key of node labels. Nodes
                            that have a label with this key and identical values are
                            considered to be in the same topology. We consider each
                            <key, value> as a "bucket", and try to put balanced number
                            of pods into each bucket. We define a domain as a particular
                            instance of a topology. Also, we define an eligible domain
                            as a domain whose nodes match the node selector. e.g.
                            If TopologyKey is "kubernetes.io/hostname", each Node
                            is a domain of that topology. And, if TopologyKey is "topology.kubernetes.io/zone",
                            each zone is a domain of that topology. It's a required
                            field.
                          type: string
                        whenUnsatisfiable:
                          description: 'WhenUnsatisfiable indicates how to deal with
                            a pod if it doesn''t satisfy the spread constraint. -
                            DoNotSchedule (default) tells the scheduler not to schedule
                            it. - ScheduleAnyway tells the scheduler to schedule the
                            pod in any location,   but giving higher precedence to
                            topologies that would help reduce the   skew. A constraint
                            is considered "Unsatisfiable" for an incoming pod if and
                            only if every possible node assignment for that pod would
                            violate "MaxSkew" on some topology. For example, in a
                            3-zone cluster, MaxSkew is set to 1, and pods with the
                            same labelSelector spread as 3/1/1: | zone1 | zone2 |
                            zone3 | | P P P |   P   |   P   | If WhenUnsatisfiable
                            is set to DoNotSchedule, incoming pod can only be scheduled
                            to zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1)
                            on zone2(zone3) satisfies MaxSkew(1). In other words,
                            the cluster can still be imbalanced, but scheduler won''t
                            make it *more* imbalanced. It''s a required field.'
                          type: string
                      required:
                      - maxSkew
                      - topologyKey
                      - whenUnsatisfiable
                      type: object
                    type: array
                    x-kubernetes-list-map-keys:
                    - topologyKey
                    - whenUnsatisfiable
                    x-kubernetes-list-type: map
                  volumes:
                    description: 'List of volumes that can be mounted by containers
                      belonging to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes'
                    items:
                      description: Volume represents a named volume in a pod that
                        may be accessed by any container in the pod.
                      properties:
                        awsElasticBlockStore:
                          description: 'awsElasticBlockStore represents an AWS Disk
                            resource that is attached to a kubelet''s host machine
                            and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore'
                          properties:
                            fsType:
                              description: 'fsType is the filesystem type of the volume
                                that you want to mount. Tip: Ensure that the filesystem
                                type is supported by the host operating system. Examples:
                                "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4"
                                if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
                                TODO: how do we prevent errors in the filesystem from
                                compromising the machine'
                              type: string
                            partition:
                              description: 'partition is the partition in the volume
                                that you want to mount. If omitted, the default is
                                to mount by volume name. Examples: For volume /dev/sda1,
                                you specify the partition as "1". Similarly, the volume
                                partition for /dev/sda is "0" (or you can leave the
                                property empty).'
                              format: int32
                              type: integer
                            readOnly:
                              description: 'readOnly value true will force the readOnly
                                setting in VolumeMounts. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore'
                              type: boolean
                            volumeID:
                              description: 'volumeID is unique ID of the persistent
                                disk resource in AWS (Amazon EBS volume). More info:
                                https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore'
                              type: string
                          required:
                          - volumeID
                          type: object
                        azureDisk:
                          description: azureDisk represents an Azure Data Disk mount
                            on the host and bind mount to the pod.
                          properties:
                            cachingMode:
                              description: 'cachingMode is the Host Caching mode:
                                None, Read Only, Read Write.'
                              type: string
                            diskName:
                              description: diskName is the Name of the data disk in
                                the blob storage
                              type: string
                            diskURI:
                              description: diskURI is the URI of data disk in the
                                blob storage
                              type: string
                            fsType:
                              description: fsType is Filesystem type to mount. Must
                                be a filesystem type supported by the host operating
                                system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred
                                to be "ext4" if unspecified.
                              type: string
                            kind:
                              description: 'kind expected values are Shared: multiple
                                blob disks per storage account  Dedicated: single
                                blob disk per storage account  Managed: azure managed
                                data disk (only in managed availability set). defaults
                                to shared'
                              type: string
                            readOnly:
                              description: readOnly Defaults to false (read/write).
                                ReadOnly here will force the ReadOnly setting in VolumeMounts.
                              type: boolean
                          required:
                          - diskName
                          - diskURI
                          type: object
                        azureFile:
                          description: azureFile represents an Azure File Service
                            mount on the host and bind mount to the pod.
                          properties:
                            readOnly:
                              description: readOnly defaults to false (read/write).
                                ReadOnly here will force the ReadOnly setting in VolumeMounts.
                              type: boolean
                            secretName:
                              description: secretName is the  name of secret that
                                contains Azure Storage Account Name and Key
                              type: string
                            shareName:
                              description: shareName is the azure share Name
                              type: string
                          required:
                          - secretName
                          - shareName
                          type: object
                        cephfs:
                          description: cephFS represents a Ceph FS mount on the host
                            that shares a pod's lifetime
                          properties:
                            monitors:
                              description: 'monitors is Required: Monitors is a collection
                                of Ceph monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
                              items:
                                type: string
                              type: array
                            path:
                              description: 'path is Optional: Used as the mounted
                                root, rather than the full Ceph tree, default is /'
                              type: string
                            readOnly:
                              description: 'readOnly is Optional: Defaults to false
                                (read/write). ReadOnly here will force the ReadOnly
                                setting in VolumeMounts. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
                              type: boolean
                            secretFile:
                              description: 'secretFile is Optional: SecretFile is
                                the path to key ring for User, default is /etc/ceph/user.secret
                                More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
                              type: string
                            secretRef:
                              description: 'secretRef is Optional: SecretRef is reference
                                to the authentication secret for User, default is
                                empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
                              properties:
                                name:
                                  description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                    TODO: Add other useful fields. apiVersion, kind,
                                    uid?'
                                  type: string
                              type: object
                            user:
                              description: 'user is optional: User is the rados user
                                name, default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
                              type: string
                          required:
                          - monitors
                          type: object
                        cinder:
                          description: 'cinder represents a cinder volume attached
                            and mounted on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
                          properties:
                            fsType:
                              description: 'fsType is the filesystem type to mount.
                                Must be a filesystem type supported by the host operating
                                system. Examples: "ext4", "xfs", "ntfs". Implicitly
                                inferred to be "ext4" if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
                              type: string
                            readOnly:
                              description: 'readOnly defaults to false (read/write).
                                ReadOnly here will force the ReadOnly setting in VolumeMounts.
                                More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
                              type: boolean
                            secretRef:
                              description: 'secretRef is optional: points to a secret
                                object containing parameters used to connect to OpenStack.'
                              properties:
                                name:
                                  description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                    TODO: Add other useful fields. apiVersion, kind,
                                    uid?'
                                  type: string
                              type: object
                            volumeID:
                              description: 'volumeID used to identify the volume in
                                cinder. More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
                              type: string
                          required:
                          - volumeID
                          type: object
                        configMap:
                          description: configMap represents a configMap that should
                            populate this volume
                          properties:
                            defaultMode:
                              description: 'defaultMode is optional: mode bits used
                                to set permissions on created files by default. Must
                                be an octal value between 0000 and 0777 or a decimal
                                value between 0 and 511. YAML accepts both octal and
                                decimal values, JSON requires decimal values for mode
                                bits. Defaults to 0644. Directories within the path
                                are not affected by this setting. This might be in
                                conflict with other options that affect the file mode,
                                like fsGroup, and the result can be other mode bits
                                set.'
                              format: int32
                              type: integer
                            items:
                              description: items if unspecified, each key-value pair
                                in the Data field of the referenced ConfigMap will
                                be projected into the volume as a file whose name
                                is the key and content is the value. If specified,
                                the listed keys will be projected into the specified
                                paths, and unlisted keys will not be present. If a
                                key is specified which is not present in the ConfigMap,
                                the volume setup will error unless it is marked optional.
                                Paths must be relative and may not contain the '..'
                                path or start with '..'.
                              items:
                                description: Maps a string key to a path within a
                                  volume.
                                properties:
                                  key:
                                    description: key is the key to project.
                                    type: string
                                  mode:
                                    description: 'mode is Optional: mode bits used
                                      to set permissions on this file. Must be an
                                      octal value between 0000 and 0777 or a decimal
                                      value between 0 and 511. YAML accepts both octal
                                      and decimal values, JSON requires decimal values
                                      for mode bits. If not specified, the volume
                                      defaultMode will be used. This might be in conflict
                                      with other options that affect the file mode,
                                      like fsGroup, and the result can be other mode
                                      bits set.'
                                    format: int32
                                    type: integer
                                  path:
                                    description: path is the relative path of the
                                      file to map the key to. May not be an absolute
                                      path. May not contain the path element '..'.
                                      May not start with the string '..'.
                                    type: string
                                required:
                                - key
                                - path
                                type: object
                              type: array
                            name:
                              description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                TODO: Add other useful fields. apiVersion, kind, uid?'
                              type: string
                            optional:
                              description: optional specify whether the ConfigMap
                                or its keys must be defined
                              type: boolean
                          type: object
                        csi:
                          description: csi (Container Storage Interface) represents
                            ephemeral storage that is handled by certain external
                            CSI drivers (Beta feature).
                          properties:
                            driver:
                              description: driver is the name of the CSI driver that
                                handles this volume. Consult with your admin for the
                                correct name as registered in the cluster.
                              type: string
                            fsType:
                              description: fsType to mount. Ex. "ext4", "xfs", "ntfs".
                                If not provided, the empty value is passed to the
                                associated CSI driver which will determine the default
                                filesystem to apply.
                              type: string
                            nodePublishSecretRef:
                              description: nodePublishSecretRef is a reference to
                                the secret object containing sensitive information
                                to pass to the CSI driver to complete the CSI NodePublishVolume
                                and NodeUnpublishVolume calls. This field is optional,
                                and  may be empty if no secret is required. If the
                                secret object contains more than one secret, all secret
                                references are passed.
                              properties:
                                name:
                                  description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                    TODO: Add other useful fields. apiVersion, kind,
                                    uid?'
                                  type: string
                              type: object
                            readOnly:
                              description: readOnly specifies a read-only configuration
                                for the volume. Defaults to false (read/write).
                              type: boolean
                            volumeAttributes:
                              additionalProperties:
                                type: string
                              description: volumeAttributes stores driver-specific
                                properties that are passed to the CSI driver. Consult
                                your driver's documentation for supported values.
                              type: object
                          required:
                          - driver
                          type: object
                        downwardAPI:
                          description: downwardAPI represents downward API about the
                            pod that should populate this volume
                          properties:
                            defaultMode:
                              description: 'Optional: mode bits to use on created
                                files by default. Must be a Optional: mode bits used
                                to set permissions on created files by default. Must
                                be an octal value between 0000 and 0777 or a decimal
                                value between 0 and 511. YAML accepts both octal and
                                decimal values, JSON requires decimal values for mode
                                bits. Defaults to 0644. Directories within the path
                                are not affected by this setting. This might be in
                                conflict with other options that affect the file mode,
                                like fsGroup, and the result can be other mode bits
                                set.'
                              format: int32
                              type: integer
                            items:
                              description: Items is a list of downward API volume
                                file
                              items:
                                description: DownwardAPIVolumeFile represents information
                                  to create the file containing the pod field
                                properties:
                                  fieldRef:
                                    description: 'Required: Selects a field of the
                                      pod: only annotations, labels, name and namespace
                                      are supported.'
                                    properties:
                                      apiVersion:
                                        description: Version of the schema the FieldPath
                                          is written in terms of, defaults to "v1".
                                        type: string
                                      fieldPath:
                                        description: Path of the field to select in
                                          the specified API version.
                                        type: string
                                    required:
                                    - fieldPath
                                    type: object
                                  mode:
                                    description: 'Optional: mode bits used to set
                                      permissions on this file, must be an octal value
                                      between 0000 and 0777 or a decimal value between
                                      0 and 511. YAML accepts both octal and decimal
                                      values, JSON requires decimal values for mode
                                      bits. If not specified, the volume defaultMode
                                      will be used. This might be in conflict with
                                      other options that affect the file mode, like
                                      fsGroup, and the result can be other mode bits
                                      set.'
                                    format: int32
                                    type: integer
                                  path:
                                    description: 'Required: Path is  the relative
                                      path name of the file to be created. Must not
                                      be absolute or contain the ''..'' path. Must
                                      be utf-8 encoded. The first item of the relative
                                      path must not start with ''..'''
                                    type: string
                                  resourceFieldRef:
                                    description: 'Selects a resource of the container:
                                      only resources limits and requests (limits.cpu,
                                      limits.memory, requests.cpu and requests.memory)
                                      are currently supported.'
                                    properties:
                                      containerName:
                                        description: 'Container name: required for
                                          volumes, optional for env vars'
                                        type: string
                                      divisor:
                                        anyOf:
                                        - type: integer
                                        - type: string
                                        description: Specifies the output format of
                                          the exposed resources, defaults to "1"
                                        pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                                        x-kubernetes-int-or-string: true
                                      resource:
                                        description: 'Required: resource to select'
                                        type: string
                                    required:
                                    - resource
                                    type: object
                                required:
                                - path
                                type: object
                              type: array
                          type: object
                        emptyDir:
                          description: 'emptyDir represents a temporary directory
                            that shares a pod''s lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir'
                          properties:
                            medium:
                              description: 'medium represents what type of storage
                                medium should back this directory. The default is
                                "" which means to use the node''s default medium.
                                Must be an empty string (default) or Memory. More
                                info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir'
                              type: string
                            sizeLimit:
                              anyOf:
                              - type: integer
                              - type: string
                              description: 'sizeLimit is the total amount of local
                                storage required for this EmptyDir volume. The size
                                limit is also applicable for memory medium. The maximum
                                usage on memory medium EmptyDir would be the minimum
                                value between the SizeLimit specified here and the
                                sum of memory limits of all containers in a pod. The
                                default is nil which means that the limit is undefined.
                                More info: http://kubernetes.io/docs/user-guide/volumes#emptydir'
                              pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                              x-kubernetes-int-or-string: true
                          type: object
                        ephemeral:
                          description: "ephemeral represents a volume that is handled
                            by a cluster storage driver. The volume's lifecycle is
                            tied to the pod that defines it - it will be created before
                            the pod starts, and deleted when the pod is removed. \n
                            Use this if: a) the volume is only needed while the pod
                            runs, b) features of normal volumes like restoring from
                            snapshot or capacity    tracking are needed, c) the storage
                            driver is specified through a storage class, and d) the
                            storage driver supports dynamic volume provisioning through
                            \   a PersistentVolumeClaim (see EphemeralVolumeSource
                            for more    information on the connection between this
                            volume type    and PersistentVolumeClaim). \n Use PersistentVolumeClaim
                            or one of the vendor-specific APIs for volumes that persist
                            for longer than the lifecycle of an individual pod. \n
                            Use CSI for light-weight local ephemeral volumes if the
                            CSI driver is meant to be used that way - see the documentation
                            of the driver for more information. \n A pod can use both
                            types of ephemeral volumes and persistent volumes at the
                            same time."
                          properties:
                            volumeClaimTemplate:
                              description: "Will be used to create a stand-alone PVC
                                to provision the volume. The pod in which this EphemeralVolumeSource
                                is embedded will be the owner of the PVC, i.e. the
                                PVC will be deleted together with the pod.  The name
                                of the PVC will be `<pod name>-<volume name>` where
                                `<volume name>` is the name from the `PodSpec.Volumes`
                                array entry. Pod validation will reject the pod if
                                the concatenated name is not valid for a PVC (for
                                example, too long). \n An existing PVC with that name
                                that is not owned by the pod will *not* be used for
                                the pod to avoid using an unrelated volume by mistake.
                                Starting the pod is then blocked until the unrelated
                                PVC is removed. If such a pre-created PVC is meant
                                to be used by the pod, the PVC has to updated with
                                an owner reference to the pod once the pod exists.
                                Normally this should not be necessary, but it may
                                be useful when manually reconstructing a broken cluster.
                                \n This field is read-only and no changes will be
                                made by Kubernetes to the PVC after it has been created.
                                \n Required, must not be nil."
                              properties:
                                metadata:
                                  description: May contain labels and annotations
                                    that will be copied into the PVC when creating
                                    it. No other fields are allowed and will be rejected
                                    during validation.
                                  type: object
                                spec:
                                  description: The specification for the PersistentVolumeClaim.
                                    The entire content is copied unchanged into the
                                    PVC that gets created from this template. The
                                    same fields as in a PersistentVolumeClaim are
                                    also valid here.
                                  properties:
                                    accessModes:
                                      description: 'accessModes contains the desired
                                        access modes the volume should have. More
                                        info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1'
                                      items:
                                        type: string
                                      type: array
                                    dataSource:
                                      description: 'dataSource field can be used to
                                        specify either: * An existing VolumeSnapshot
                                        object (snapshot.storage.k8s.io/VolumeSnapshot)
                                        * An existing PVC (PersistentVolumeClaim)
                                        If the provisioner or an external controller
                                        can support the specified data source, it
                                        will create a new volume based on the contents
                                        of the specified data source. If the AnyVolumeDataSource
                                        feature gate is enabled, this field will always
                                        have the same contents as the DataSourceRef
                                        field.'
                                      properties:
                                        apiGroup:
                                          description: APIGroup is the group for the
                                            resource being referenced. If APIGroup
                                            is not specified, the specified Kind must
                                            be in the core API group. For any other
                                            third-party types, APIGroup is required.
                                          type: string
                                        kind:
                                          description: Kind is the type of resource
                                            being referenced
                                          type: string
                                        name:
                                          description: Name is the name of resource
                                            being referenced
                                          type: string
                                      required:
                                      - kind
                                      - name
                                      type: object
                                    dataSourceRef:
                                      description: 'dataSourceRef specifies the object
                                        from which to populate the volume with data,
                                        if a non-empty volume is desired. This may
                                        be any local object from a non-empty API group
                                        (non core object) or a PersistentVolumeClaim
                                        object. When this field is specified, volume
                                        binding will only succeed if the type of the
                                        specified object matches some installed volume
                                        populator or dynamic provisioner. This field
                                        will replace the functionality of the DataSource
                                        field and as such if both fields are non-empty,
                                        they must have the same value. For backwards
                                        compatibility, both fields (DataSource and
                                        DataSourceRef) will be set to the same value
                                        automatically if one of them is empty and
                                        the other is non-empty. There are two important
                                        differences between DataSource and DataSourceRef:
                                        * While DataSource only allows two specific
                                        types of objects, DataSourceRef   allows any
                                        non-core object, as well as PersistentVolumeClaim
                                        objects. * While DataSource ignores disallowed
                                        values (dropping them), DataSourceRef   preserves
                                        all values, and generates an error if a disallowed
                                        value is   specified. (Beta) Using this field
                                        requires the AnyVolumeDataSource feature gate
                                        to be enabled.'
                                      properties:
                                        apiGroup:
                                          description: APIGroup is the group for the
                                            resource being referenced. If APIGroup
                                            is not specified, the specified Kind must
                                            be in the core API group. For any other
                                            third-party types, APIGroup is required.
                                          type: string
                                        kind:
                                          description: Kind is the type of resource
                                            being referenced
                                          type: string
                                        name:
                                          description: Name is the name of resource
                                            being referenced
                                          type: string
                                      required:
                                      - kind
                                      - name
                                      type: object
                                    resources:
                                      description: 'resources represents the minimum
                                        resources the volume should have. If RecoverVolumeExpansionFailure
                                        feature is enabled users are allowed to specify
                                        resource requirements that are lower than
                                        previous value but must still be higher than
                                        capacity recorded in the status field of the
                                        claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources'
                                      properties:
                                        limits:
                                          additionalProperties:
                                            anyOf:
                                            - type: integer
                                            - type: string
                                            pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                                            x-kubernetes-int-or-string: true
                                          description: 'Limits describes the maximum
                                            amount of compute resources allowed. More
                                            info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
                                          type: object
                                        requests:
                                          additionalProperties:
                                            anyOf:
                                            - type: integer
                                            - type: string
                                            pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                                            x-kubernetes-int-or-string: true
                                          description: 'Requests describes the minimum
                                            amount of compute resources required.
                                            If Requests is omitted for a container,
                                            it defaults to Limits if that is explicitly
                                            specified, otherwise to an implementation-defined
                                            value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
                                          type: object
                                      type: object
                                    selector:
                                      description: selector is a label query over
                                        volumes to consider for binding.
                                      properties:
                                        matchExpressions:
                                          description: matchExpressions is a list
                                            of label selector requirements. The requirements
                                            are ANDed.
                                          items:
                                            description: A label selector requirement
                                              is a selector that contains values,
                                              a key, and an operator that relates
                                              the key and values.
                                            properties:
                                              key:
                                                description: key is the label key
                                                  that the selector applies to.
                                                type: string
                                              operator:
                                                description: operator represents a
                                                  key's relationship to a set of values.
                                                  Valid operators are In, NotIn, Exists
                                                  and DoesNotExist.
                                                type: string
                                              values:
                                                description: values is an array of
                                                  string values. If the operator is
                                                  In or NotIn, the values array must
                                                  be non-empty. If the operator is
                                                  Exists or DoesNotExist, the values
                                                  array must be empty. This array
                                                  is replaced during a strategic merge
                                                  patch.
                                                items:
                                                  type: string
                                                type: array
                                            required:
                                            - key
                                            - operator
                                            type: object
                                          type: array
                                        matchLabels:
                                          additionalProperties:
                                            type: string
                                          description: matchLabels is a map of {key,value}
                                            pairs. A single {key,value} in the matchLabels
                                            map is equivalent to an element of matchExpressions,
                                            whose key field is "key", the operator
                                            is "In", and the values array contains
                                            only "value". The requirements are ANDed.
                                          type: object
                                      type: object
                                    storageClassName:
                                      description: 'storageClassName is the name of
                                        the StorageClass required by the claim. More
                                        info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1'
                                      type: string
                                    volumeMode:
                                      description: volumeMode defines what type of
                                        volume is required by the claim. Value of
                                        Filesystem is implied when not included in
                                        claim spec.
                                      type: string
                                    volumeName:
                                      description: volumeName is the binding reference
                                        to the PersistentVolume backing this claim.
                                      type: string
                                  type: object
                              required:
                              - spec
                              type: object
                          type: object
                        fc:
                          description: fc represents a Fibre Channel resource that
                            is attached to a kubelet's host machine and then exposed
                            to the pod.
                          properties:
                            fsType:
                              description: 'fsType is the filesystem type to mount.
                                Must be a filesystem type supported by the host operating
                                system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred
                                to be "ext4" if unspecified. TODO: how do we prevent
                                errors in the filesystem from compromising the machine'
                              type: string
                            lun:
                              description: 'lun is Optional: FC target lun number'
                              format: int32
                              type: integer
                            readOnly:
                              description: 'readOnly is Optional: Defaults to false
                                (read/write). ReadOnly here will force the ReadOnly
                                setting in VolumeMounts.'
                              type: boolean
                            targetWWNs:
                              description: 'targetWWNs is Optional: FC target worldwide
                                names (WWNs)'
                              items:
                                type: string
                              type: array
                            wwids:
                              description: 'wwids Optional: FC volume world wide identifiers
                                (wwids) Either wwids or combination of targetWWNs
                                and lun must be set, but not both simultaneously.'
                              items:
                                type: string
                              type: array
                          type: object
                        flexVolume:
                          description: flexVolume represents a generic volume resource
                            that is provisioned/attached using an exec based plugin.
                          properties:
                            driver:
                              description: driver is the name of the driver to use
                                for this volume.
                              type: string
                            fsType:
                              description: fsType is the filesystem type to mount.
                                Must be a filesystem type supported by the host operating
                                system. Ex. "ext4", "xfs", "ntfs". The default filesystem
                                depends on FlexVolume script.
                              type: string
                            options:
                              additionalProperties:
                                type: string
                              description: 'options is Optional: this field holds
                                extra command options if any.'
                              type: object
                            readOnly:
                              description: 'readOnly is Optional: defaults to false
                                (read/write). ReadOnly here will force the ReadOnly
                                setting in VolumeMounts.'
                              type: boolean
                            secretRef:
                              description: 'secretRef is Optional: secretRef is reference
                                to the secret object containing sensitive information
                                to pass to the plugin scripts. This may be empty if
                                no secret object is specified. If the secret object
                                contains more than one secret, all secrets are passed
                                to the plugin scripts.'
                              properties:
                                name:
                                  description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                    TODO: Add other useful fields. apiVersion, kind,
                                    uid?'
                                  type: string
                              type: object
                          required:
                          - driver
                          type: object
                        flocker:
                          description: flocker represents a Flocker volume attached
                            to a kubelet's host machine. This depends on the Flocker
                            control service being running
                          properties:
                            datasetName:
                              description: datasetName is Name of the dataset stored
                                as metadata -> name on the dataset for Flocker should
                                be considered as deprecated
                              type: string
                            datasetUUID:
                              description: datasetUUID is the UUID of the dataset.
                                This is unique identifier of a Flocker dataset
                              type: string
                          type: object
                        gcePersistentDisk:
                          description: 'gcePersistentDisk represents a GCE Disk resource
                            that is attached to a kubelet''s host machine and then
                            exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
                          properties:
                            fsType:
                              description: 'fsType is filesystem type of the volume
                                that you want to mount. Tip: Ensure that the filesystem
                                type is supported by the host operating system. Examples:
                                "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4"
                                if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
                                TODO: how do we prevent errors in the filesystem from
                                compromising the machine'
                              type: string
                            partition:
                              description: 'partition is the partition in the volume
                                that you want to mount. If omitted, the default is
                                to mount by volume name. Examples: For volume /dev/sda1,
                                you specify the partition as "1". Similarly, the volume
                                partition for /dev/sda is "0" (or you can leave the
                                property empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
                              format: int32
                              type: integer
                            pdName:
                              description: 'pdName is unique name of the PD resource
                                in GCE. Used to identify the disk in GCE. More info:
                                https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
                              type: string
                            readOnly:
                              description: 'readOnly here will force the ReadOnly
                                setting in VolumeMounts. Defaults to false. More info:
                                https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
                              type: boolean
                          required:
                          - pdName
                          type: object
                        gitRepo:
                          description: 'gitRepo represents a git repository at a particular
                            revision. DEPRECATED: GitRepo is deprecated. To provision
                            a container with a git repo, mount an EmptyDir into an
                            InitContainer that clones the repo using git, then mount
                            the EmptyDir into the Pod''s container.'
                          properties:
                            directory:
                              description: directory is the target directory name.
                                Must not contain or start with '..'.  If '.' is supplied,
                                the volume directory will be the git repository.  Otherwise,
                                if specified, the volume will contain the git repository
                                in the subdirectory with the given name.
                              type: string
                            repository:
                              description: repository is the URL
                              type: string
                            revision:
                              description: revision is the commit hash for the specified
                                revision.
                              type: string
                          required:
                          - repository
                          type: object
                        glusterfs:
                          description: 'glusterfs represents a Glusterfs mount on
                            the host that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md'
                          properties:
                            endpoints:
                              description: 'endpoints is the endpoint name that details
                                Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod'
                              type: string
                            path:
                              description: 'path is the Glusterfs volume path. More
                                info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod'
                              type: string
                            readOnly:
                              description: 'readOnly here will force the Glusterfs
                                volume to be mounted with read-only permissions. Defaults
                                to false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod'
                              type: boolean
                          required:
                          - endpoints
                          - path
                          type: object
                        hostPath:
                          description: 'hostPath represents a pre-existing file or
                            directory on the host machine that is directly exposed
                            to the container. This is generally used for system agents
                            or other privileged things that are allowed to see the
                            host machine. Most containers will NOT need this. More
                            info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath
                            --- TODO(jonesdl) We need to restrict who can use host
                            directory mounts and who can/can not mount host directories
                            as read/write.'
                          properties:
                            path:
                              description: 'path of the directory on the host. If
                                the path is a symlink, it will follow the link to
                                the real path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath'
                              type: string
                            type:
                              description: 'type for HostPath Volume Defaults to ""
                                More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath'
                              type: string
                          required:
                          - path
                          type: object
                        iscsi:
                          description: 'iscsi represents an ISCSI Disk resource that
                            is attached to a kubelet''s host machine and then exposed
                            to the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md'
                          properties:
                            chapAuthDiscovery:
                              description: chapAuthDiscovery defines whether support
                                iSCSI Discovery CHAP authentication
                              type: boolean
                            chapAuthSession:
                              description: chapAuthSession defines whether support
                                iSCSI Session CHAP authentication
                              type: boolean
                            fsType:
                              description: 'fsType is the filesystem type of the volume
                                that you want to mount. Tip: Ensure that the filesystem
                                type is supported by the host operating system. Examples:
                                "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4"
                                if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi
                                TODO: how do we prevent errors in the filesystem from
                                compromising the machine'
                              type: string
                            initiatorName:
                              description: initiatorName is the custom iSCSI Initiator
                                Name. If initiatorName is specified with iscsiInterface
                                simultaneously, new iSCSI interface <target portal>:<volume
                                name> will be created for the connection.
                              type: string
                            iqn:
                              description: iqn is the target iSCSI Qualified Name.
                              type: string
                            iscsiInterface:
                              description: iscsiInterface is the interface Name that
                                uses an iSCSI transport. Defaults to 'default' (tcp).
                              type: string
                            lun:
                              description: lun represents iSCSI Target Lun number.
                              format: int32
                              type: integer
                            portals:
                              description: portals is the iSCSI Target Portal List.
                                The portal is either an IP or ip_addr:port if the
                                port is other than default (typically TCP ports 860
                                and 3260).
                              items:
                                type: string
                              type: array
                            readOnly:
                              description: readOnly here will force the ReadOnly setting
                                in VolumeMounts. Defaults to false.
                              type: boolean
                            secretRef:
                              description: secretRef is the CHAP Secret for iSCSI
                                target and initiator authentication
                              properties:
                                name:
                                  description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                    TODO: Add other useful fields. apiVersion, kind,
                                    uid?'
                                  type: string
                              type: object
                            targetPortal:
                              description: targetPortal is iSCSI Target Portal. The
                                Portal is either an IP or ip_addr:port if the port
                                is other than default (typically TCP ports 860 and
                                3260).
                              type: string
                          required:
                          - iqn
                          - lun
                          - targetPortal
                          type: object
                        name:
                          description: 'name of the volume. Must be a DNS_LABEL and
                            unique within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
                          type: string
                        nfs:
                          description: 'nfs represents an NFS mount on the host that
                            shares a pod''s lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs'
                          properties:
                            path:
                              description: 'path that is exported by the NFS server.
                                More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs'
                              type: string
                            readOnly:
                              description: 'readOnly here will force the NFS export
                                to be mounted with read-only permissions. Defaults
                                to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs'
                              type: boolean
                            server:
                              description: 'server is the hostname or IP address of
                                the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs'
                              type: string
                          required:
                          - path
                          - server
                          type: object
                        persistentVolumeClaim:
                          description: 'persistentVolumeClaimVolumeSource represents
                            a reference to a PersistentVolumeClaim in the same namespace.
                            More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims'
                          properties:
                            claimName:
                              description: 'claimName is the name of a PersistentVolumeClaim
                                in the same namespace as the pod using this volume.
                                More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims'
                              type: string
                            readOnly:
                              description: readOnly Will force the ReadOnly setting
                                in VolumeMounts. Default false.
                              type: boolean
                          required:
                          - claimName
                          type: object
                        photonPersistentDisk:
                          description: photonPersistentDisk represents a PhotonController
                            persistent disk attached and mounted on kubelets host
                            machine
                          properties:
                            fsType:
                              description: fsType is the filesystem type to mount.
                                Must be a filesystem type supported by the host operating
                                system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred
                                to be "ext4" if unspecified.
                              type: string
                            pdID:
                              description: pdID is the ID that identifies Photon Controller
                                persistent disk
                              type: string
                          required:
                          - pdID
                          type: object
                        portworxVolume:
                          description: portworxVolume represents a portworx volume
                            attached and mounted on kubelets host machine
                          properties:
                            fsType:
                              description: fSType represents the filesystem type to
                                mount Must be a filesystem type supported by the host
                                operating system. Ex. "ext4", "xfs". Implicitly inferred
                                to be "ext4" if unspecified.
                              type: string
                            readOnly:
                              description: readOnly defaults to false (read/write).
                                ReadOnly here will force the ReadOnly setting in VolumeMounts.
                              type: boolean
                            volumeID:
                              description: volumeID uniquely identifies a Portworx
                                volume
                              type: string
                          required:
                          - volumeID
                          type: object
                        projected:
                          description: projected items for all in one resources secrets,
                            configmaps, and downward API
                          properties:
                            defaultMode:
                              description: defaultMode are the mode bits used to set
                                permissions on created files by default. Must be an
                                octal value between 0000 and 0777 or a decimal value
                                between 0 and 511. YAML accepts both octal and decimal
                                values, JSON requires decimal values for mode bits.
                                Directories within the path are not affected by this
                                setting. This might be in conflict with other options
                                that affect the file mode, like fsGroup, and the result
                                can be other mode bits set.
                              format: int32
                              type: integer
                            sources:
                              description: sources is the list of volume projections
                              items:
                                description: Projection that may be projected along
                                  with other supported volume types
                                properties:
                                  configMap:
                                    description: configMap information about the configMap
                                      data to project
                                    properties:
                                      items:
                                        description: items if unspecified, each key-value
                                          pair in the Data field of the referenced
                                          ConfigMap will be projected into the volume
                                          as a file whose name is the key and content
                                          is the value. If specified, the listed keys
                                          will be projected into the specified paths,
                                          and unlisted keys will not be present. If
                                          a key is specified which is not present
                                          in the ConfigMap, the volume setup will
                                          error unless it is marked optional. Paths
                                          must be relative and may not contain the
                                          '..' path or start with '..'.
                                        items:
                                          description: Maps a string key to a path
                                            within a volume.
                                          properties:
                                            key:
                                              description: key is the key to project.
                                              type: string
                                            mode:
                                              description: 'mode is Optional: mode
                                                bits used to set permissions on this
                                                file. Must be an octal value between
                                                0000 and 0777 or a decimal value between
                                                0 and 511. YAML accepts both octal
                                                and decimal values, JSON requires
                                                decimal values for mode bits. If not
                                                specified, the volume defaultMode
                                                will be used. This might be in conflict
                                                with other options that affect the
                                                file mode, like fsGroup, and the result
                                                can be other mode bits set.'
                                              format: int32
                                              type: integer
                                            path:
                                              description: path is the relative path
                                                of the file to map the key to. May
                                                not be an absolute path. May not contain
                                                the path element '..'. May not start
                                                with the string '..'.
                                              type: string
                                          required:
                                          - key
                                          - path
                                          type: object
                                        type: array
                                      name:
                                        description: 'Name of the referent. More info:
                                          https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                          TODO: Add other useful fields. apiVersion,
                                          kind, uid?'
                                        type: string
                                      optional:
                                        description: optional specify whether the
                                          ConfigMap or its keys must be defined
                                        type: boolean
                                    type: object
                                  downwardAPI:
                                    description: downwardAPI information about the
                                      downwardAPI data to project
                                    properties:
                                      items:
                                        description: Items is a list of DownwardAPIVolume
                                          file
                                        items:
                                          description: DownwardAPIVolumeFile represents
                                            information to create the file containing
                                            the pod field
                                          properties:
                                            fieldRef:
                                              description: 'Required: Selects a field
                                                of the pod: only annotations, labels,
                                                name and namespace are supported.'
                                              properties:
                                                apiVersion:
                                                  description: Version of the schema
                                                    the FieldPath is written in terms
                                                    of, defaults to "v1".
                                                  type: string
                                                fieldPath:
                                                  description: Path of the field to
                                                    select in the specified API version.
                                                  type: string
                                              required:
                                              - fieldPath
                                              type: object
                                            mode:
                                              description: 'Optional: mode bits used
                                                to set permissions on this file, must
                                                be an octal value between 0000 and
                                                0777 or a decimal value between 0
                                                and 511. YAML accepts both octal and
                                                decimal values, JSON requires decimal
                                                values for mode bits. If not specified,
                                                the volume defaultMode will be used.
                                                This might be in conflict with other
                                                options that affect the file mode,
                                                like fsGroup, and the result can be
                                                other mode bits set.'
                                              format: int32
                                              type: integer
                                            path:
                                              description: 'Required: Path is  the
                                                relative path name of the file to
                                                be created. Must not be absolute or
                                                contain the ''..'' path. Must be utf-8
                                                encoded. The first item of the relative
                                                path must not start with ''..'''
                                              type: string
                                            resourceFieldRef:
                                              description: 'Selects a resource of
                                                the container: only resources limits
                                                and requests (limits.cpu, limits.memory,
                                                requests.cpu and requests.memory)
                                                are currently supported.'
                                              properties:
                                                containerName:
                                                  description: 'Container name: required
                                                    for volumes, optional for env
                                                    vars'
                                                  type: string
                                                divisor:
                                                  anyOf:
                                                  - type: integer
                                                  - type: string
                                                  description: Specifies the output
                                                    format of the exposed resources,
                                                    defaults to "1"
                                                  pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                                                  x-kubernetes-int-or-string: true
                                                resource:
                                                  description: 'Required: resource
                                                    to select'
                                                  type: string
                                              required:
                                              - resource
                                              type: object
                                          required:
                                          - path
                                          type: object
                                        type: array
                                    type: object
                                  secret:
                                    description: secret information about the secret
                                      data to project
                                    properties:
                                      items:
                                        description: items if unspecified, each key-value
                                          pair in the Data field of the referenced
                                          Secret will be projected into the volume
                                          as a file whose name is the key and content
                                          is the value. If specified, the listed keys
                                          will be projected into the specified paths,
                                          and unlisted keys will not be present. If
                                          a key is specified which is not present
                                          in the Secret, the volume setup will error
                                          unless it is marked optional. Paths must
                                          be relative and may not contain the '..'
                                          path or start with '..'.
                                        items:
                                          description: Maps a string key to a path
                                            within a volume.
                                          properties:
                                            key:
                                              description: key is the key to project.
                                              type: string
                                            mode:
                                              description: 'mode is Optional: mode
                                                bits used to set permissions on this
                                                file. Must be an octal value between
                                                0000 and 0777 or a decimal value between
                                                0 and 511. YAML accepts both octal
                                                and decimal values, JSON requires
                                                decimal values for mode bits. If not
                                                specified, the volume defaultMode
                                                will be used. This might be in conflict
                                                with other options that affect the
                                                file mode, like fsGroup, and the result
                                                can be other mode bits set.'
                                              format: int32
                                              type: integer
                                            path:
                                              description: path is the relative path
                                                of the file to map the key to. May
                                                not be an absolute path. May not contain
                                                the path element '..'. May not start
                                                with the string '..'.
                                              type: string
                                          required:
                                          - key
                                          - path
                                          type: object
                                        type: array
                                      name:
                                        description: 'Name of the referent. More info:
                                          https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                          TODO: Add other useful fields. apiVersion,
                                          kind, uid?'
                                        type: string
                                      optional:
                                        description: optional field specify whether
                                          the Secret or its key must be defined
                                        type: boolean
                                    type: object
                                  serviceAccountToken:
                                    description: serviceAccountToken is information
                                      about the serviceAccountToken data to project
                                    properties:
                                      audience:
                                        description: audience is the intended audience
                                          of the token. A recipient of a token must
                                          identify itself with an identifier specified
                                          in the audience of the token, and otherwise
                                          should reject the token. The audience defaults
                                          to the identifier of the apiserver.
                                        type: string
                                      expirationSeconds:
                                        description: expirationSeconds is the requested
                                          duration of validity of the service account
                                          token. As the token approaches expiration,
                                          the kubelet volume plugin will proactively
                                          rotate the service account token. The kubelet
                                          will start trying to rotate the token if
                                          the token is older than 80 percent of its
                                          time to live or if the token is older than
                                          24 hours.Defaults to 1 hour and must be
                                          at least 10 minutes.
                                        format: int64
                                        type: integer
                                      path:
                                        description: path is the path relative to
                                          the mount point of the file to project the
                                          token into.
                                        type: string
                                    required:
                                    - path
                                    type: object
                                type: object
                              type: array
                          type: object
                        quobyte:
                          description: quobyte represents a Quobyte mount on the host
                            that shares a pod's lifetime
                          properties:
                            group:
                              description: group to map volume access to Default is
                                no group
                              type: string
                            readOnly:
                              description: readOnly here will force the Quobyte volume
                                to be mounted with read-only permissions. Defaults
                                to false.
                              type: boolean
                            registry:
                              description: registry represents a single or multiple
                                Quobyte Registry services specified as a string as
                                host:port pair (multiple entries are separated with
                                commas) which acts as the central registry for volumes
                              type: string
                            tenant:
                              description: tenant owning the given Quobyte volume
                                in the Backend Used with dynamically provisioned Quobyte
                                volumes, value is set by the plugin
                              type: string
                            user:
                              description: user to map volume access to Defaults to
                                serivceaccount user
                              type: string
                            volume:
                              description: volume is a string that references an already
                                created Quobyte volume by name.
                              type: string
                          required:
                          - registry
                          - volume
                          type: object
                        rbd:
                          description: 'rbd represents a Rados Block Device mount
                            on the host that shares a pod''s lifetime. More info:
                            https://examples.k8s.io/volumes/rbd/README.md'
                          properties:
                            fsType:
                              description: 'fsType is the filesystem type of the volume
                                that you want to mount. Tip: Ensure that the filesystem
                                type is supported by the host operating system. Examples:
                                "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4"
                                if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd
                                TODO: how do we prevent errors in the filesystem from
                                compromising the machine'
                              type: string
                            image:
                              description: 'image is the rados image name. More info:
                                https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
                              type: string
                            keyring:
                              description: 'keyring is the path to key ring for RBDUser.
                                Default is /etc/ceph/keyring. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
                              type: string
                            monitors:
                              description: 'monitors is a collection of Ceph monitors.
                                More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
                              items:
                                type: string
                              type: array
                            pool:
                              description: 'pool is the rados pool name. Default is
                                rbd. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
                              type: string
                            readOnly:
                              description: 'readOnly here will force the ReadOnly
                                setting in VolumeMounts. Defaults to false. More info:
                                https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
                              type: boolean
                            secretRef:
                              description: 'secretRef is name of the authentication
                                secret for RBDUser. If provided overrides keyring.
                                Default is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
                              properties:
                                name:
                                  description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                    TODO: Add other useful fields. apiVersion, kind,
                                    uid?'
                                  type: string
                              type: object
                            user:
                              description: 'user is the rados user name. Default is
                                admin. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
                              type: string
                          required:
                          - image
                          - monitors
                          type: object
                        scaleIO:
                          description: scaleIO represents a ScaleIO persistent volume
                            attached and mounted on Kubernetes nodes.
                          properties:
                            fsType:
                              description: fsType is the filesystem type to mount.
                                Must be a filesystem type supported by the host operating
                                system. Ex. "ext4", "xfs", "ntfs". Default is "xfs".
                              type: string
                            gateway:
                              description: gateway is the host address of the ScaleIO
                                API Gateway.
                              type: string
                            protectionDomain:
                              description: protectionDomain is the name of the ScaleIO
                                Protection Domain for the configured storage.
                              type: string
                            readOnly:
                              description: readOnly Defaults to false (read/write).
                                ReadOnly here will force the ReadOnly setting in VolumeMounts.
                              type: boolean
                            secretRef:
                              description: secretRef references to the secret for
                                ScaleIO user and other sensitive information. If this
                                is not provided, Login operation will fail.
                              properties:
                                name:
                                  description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                    TODO: Add other useful fields. apiVersion, kind,
                                    uid?'
                                  type: string
                              type: object
                            sslEnabled:
                              description: sslEnabled Flag enable/disable SSL communication
                                with Gateway, default false
                              type: boolean
                            storageMode:
                              description: storageMode indicates whether the storage
                                for a volume should be ThickProvisioned or ThinProvisioned.
                                Default is ThinProvisioned.
                              type: string
                            storagePool:
                              description: storagePool is the ScaleIO Storage Pool
                                associated with the protection domain.
                              type: string
                            system:
                              description: system is the name of the storage system
                                as configured in ScaleIO.
                              type: string
                            volumeName:
                              description: volumeName is the name of a volume already
                                created in the ScaleIO system that is associated with
                                this volume source.
                              type: string
                          required:
                          - gateway
                          - secretRef
                          - system
                          type: object
                        secret:
                          description: 'secret represents a secret that should populate
                            this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret'
                          properties:
                            defaultMode:
                              description: 'defaultMode is Optional: mode bits used
                                to set permissions on created files by default. Must
                                be an octal value between 0000 and 0777 or a decimal
                                value between 0 and 511. YAML accepts both octal and
                                decimal values, JSON requires decimal values for mode
                                bits. Defaults to 0644. Directories within the path
                                are not affected by this setting. This might be in
                                conflict with other options that affect the file mode,
                                like fsGroup, and the result can be other mode bits
                                set.'
                              format: int32
                              type: integer
                            items:
                              description: items If unspecified, each key-value pair
                                in the Data field of the referenced Secret will be
                                projected into the volume as a file whose name is
                                the key and content is the value. If specified, the
                                listed keys will be projected into the specified paths,
                                and unlisted keys will not be present. If a key is
                                specified which is not present in the Secret, the
                                volume setup will error unless it is marked optional.
                                Paths must be relative and may not contain the '..'
                                path or start with '..'.
                              items:
                                description: Maps a string key to a path within a
                                  volume.
                                properties:
                                  key:
                                    description: key is the key to project.
                                    type: string
                                  mode:
                                    description: 'mode is Optional: mode bits used
                                      to set permissions on this file. Must be an
                                      octal value between 0000 and 0777 or a decimal
                                      value between 0 and 511. YAML accepts both octal
                                      and decimal values, JSON requires decimal values
                                      for mode bits. If not specified, the volume
                                      defaultMode will be used. This might be in conflict
                                      with other options that affect the file mode,
                                      like fsGroup, and the result can be other mode
                                      bits set.'
                                    format: int32
                                    type: integer
                                  path:
                                    description: path is the relative path of the
                                      file to map the key to. May not be an absolute
                                      path. May not contain the path element '..'.
                                      May not start with the string '..'.
                                    type: string
                                required:
                                - key
                                - path
                                type: object
                              type: array
                            optional:
                              description: optional field specify whether the Secret
                                or its keys must be defined
                              type: boolean
                            secretName:
                              description: 'secretName is the name of the secret in
                                the pod''s namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret'
                              type: string
                          type: object
                        storageos:
                          description: storageOS represents a StorageOS volume attached
                            and mounted on Kubernetes nodes.
                          properties:
                            fsType:
                              description: fsType is the filesystem type to mount.
                                Must be a filesystem type supported by the host operating
                                system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred
                                to be "ext4" if unspecified.
                              type: string
                            readOnly:
                              description: readOnly defaults to false (read/write).
                                ReadOnly here will force the ReadOnly setting in VolumeMounts.
                              type: boolean
                            secretRef:
                              description: secretRef specifies the secret to use for
                                obtaining the StorageOS API credentials.  If not specified,
                                default values will be attempted.
                              properties:
                                name:
                                  description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                    TODO: Add other useful fields. apiVersion, kind,
                                    uid?'
                                  type: string
                              type: object
                            volumeName:
                              description: volumeName is the human-readable name of
                                the StorageOS volume.  Volume names are only unique
                                within a namespace.
                              type: string
                            volumeNamespace:
                              description: volumeNamespace specifies the scope of
                                the volume within StorageOS.  If no namespace is specified
                                then the Pod's namespace will be used.  This allows
                                the Kubernetes name scoping to be mirrored within
                                StorageOS for tighter integration. Set VolumeName
                                to any name to override the default behaviour. Set
                                to "default" if you are not using namespaces within
                                StorageOS. Namespaces that do not pre-exist within
                                StorageOS will be created.
                              type: string
                          type: object
                        vsphereVolume:
                          description: vsphereVolume represents a vSphere volume attached
                            and mounted on kubelets host machine
                          properties:
                            fsType:
                              description: fsType is filesystem type to mount. Must
                                be a filesystem type supported by the host operating
                                system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred
                                to be "ext4" if unspecified.
                              type: string
                            storagePolicyID:
                              description: storagePolicyID is the storage Policy Based
                                Management (SPBM) profile ID associated with the StoragePolicyName.
                              type: string
                            storagePolicyName:
                              description: storagePolicyName is the storage Policy
                                Based Management (SPBM) profile name.
                              type: string
                            volumePath:
                              description: volumePath is the path that identifies
                                vSphere volume vmdk
                              type: string
                          required:
                          - volumePath
                          type: object
                      required:
                      - name
                      type: object
                    type: array
                required:
                - containers
                type: object
              prowjob_defaults:
                description: ProwJobDefault holds configuration options provided as
                  defaults in the Prow config
                properties:
                  tenant_id:
                    type: string
                type: object
              refs:
                description: Refs is the code under test, determined at runtime by
                  Prow itself
                properties:
                  base_link:
                    description: BaseLink is a link to the commit identified by BaseSHA.
                    type: string
                  base_ref:
                    type: string
                  base_sha:
                    type: string
                  clone_depth:
                    description: CloneDepth is the depth of the clone that will be
                      used. A depth of zero will do a full clone.
                    type: integer
                  clone_uri:
                    description: CloneURI is the URI that is used to clone the repository.
                      If unset, will default to `https://github.com/org/repo.git`.
                    type: string
                  org:
                    description: Org is something like kubernetes or k8s.io
                    type: string
                  path_alias:
                    description: PathAlias is the location under <root-dir>/src where
                      this repository is cloned. If this is not set, <root-dir>/src/github.com/org/repo
                      will be used as the default.
                    type: string
                  pulls:
                    items:
                      description: Pull describes a pull request at a particular point
                        in time.
                      properties:
                        author:
                          type: string
                        author_link:
                          description: AuthorLink links to the author of the pull
                            request.
                          type: string
                        commit_link:
                          description: CommitLink links to the commit identified by
                            the SHA.
                          type: string
                        link:
                          description: Link links to the pull request itself.
                          type: string
                        number:
                          type: integer
                        ref:
                          description: 'Ref is git ref can be checked out for a change
                            for example, github: pull/123/head gerrit: refs/changes/00/123/1'
                          type: string
                        sha:
                          type: string
                        title:
                          type: string
                      required:
                      - author
                      - number
                      - sha
                      type: object
                    type: array
                  repo:
                    description: Repo is something like test-infra
                    type: string
                  repo_link:
                    description: RepoLink links to the source for Repo.
                    type: string
                  skip_fetch_head:
                    description: SkipFetchHead tells prow to avoid a git fetch <remote>
                      call. Multiheaded repos may need to not make this call. The
                      git fetch <remote> <BaseRef> call occurs regardless.
                    type: boolean
                  skip_submodules:
                    description: SkipSubmodules determines if submodules should be
                      cloned when the job is run. Defaults to false.
                    type: boolean
                  workdir:
                    description: WorkDir defines if the location of the cloned repository
                      will be used as the default working directory.
                    type: boolean
                required:
                - org
                - repo
                type: object
              report:
                description: Report determines if the result of this job should be
                  reported (e.g. status on GitHub, message in Slack, etc.)
                type: boolean
              reporter_config:
                description: ReporterConfig holds reporter-specific configuration
                properties:
                  slack:
                    properties:
                      channel:
                        type: string
                      host:
                        type: string
                      job_states_to_report:
                        items:
                          description: ProwJobState specifies whether the job is running
                          type: string
                        type: array
                      report:
                        description: 'Report is derived from JobStatesToReport, it''s
                          used for differentiating nil from empty slice, as yaml roundtrip
                          by design can''t tell the difference when omitempty is supplied.
                          See https://github.com/kubernetes/test-infra/pull/24168
                          for details Priority-wise, it goes by following order: -
                          `report: true/false`` in job config - `JobStatesToReport:
                          <anything including empty slice>` in job config - `report:
                          true/false`` in global config - `JobStatesToReport:` in
                          global config'
                        type: boolean
                      report_template:
                        type: string
                    type: object
                type: object
              rerun_auth_config:
                description: RerunAuthConfig holds information about which users can
                  rerun the job
                properties:
                  allow_anyone:
                    description: If AllowAnyone is set to true, any user can rerun
                      the job
                    type: boolean
                  github_orgs:
                    description: GitHubOrgs contains names of GitHub organizations
                      whose members can rerun the job
                    items:
                      type: string
                    type: array
                  github_team_ids:
                    description: 'GitHubTeams contains IDs of GitHub teams of users
                      who can rerun the job If you know the name of a team and the
                      org it belongs to, you can look up its ID using this command,
                      where the team slug is the hyphenated name: curl -H "Authorization:
                      token <token>" "https://api.github.com/orgs/<org-name>/teams/<team
                      slug>" or, to list all teams in a given org, use curl -H "Authorization:
                      token <token>" "https://api.github.com/orgs/<org-name>/teams"'
                    items:
                      type: integer
                    type: array
                  github_team_slugs:
                    description: GitHubTeamSlugs contains slugs and orgs of teams
                      of users who can rerun the job
                    items:
                      properties:
                        org:
                          type: string
                        slug:
                          type: string
                      required:
                      - org
                      - slug
                      type: object
                    type: array
                  github_users:
                    description: GitHubUsers contains names of individual users who
                      can rerun the job
                    items:
                      type: string
                    type: array
                type: object
              rerun_command:
                description: RerunCommand is the command a user would write to trigger
                  this job on their pull request
                type: string
              type:
                description: Type is the type of job and informs how the jobs is triggered
                enum:
                - presubmit
                - postsubmit
                - periodic
                - batch
                type: string
            type: object
          status:
            anyOf:
            - not:
                properties:
                  state:
                    enum:
                    - "success"
                    - "failure"
                    - "error"
            - required:
              - completionTime
            description: ProwJobStatus provides runtime metadata, such as when it
              finished, whether it is running, etc.
            properties:
              build_id:
                description: BuildID is the build identifier vended either by tot
                  or the snowflake library for this job and used as an identifier
                  for grouping artifacts in GCS for views in TestGrid and Gubernator.
                  Idenitifiers vended by tot are monotonically increasing whereas
                  identifiers vended by the snowflake library are not.
                type: string
              completionTime:
                description: CompletionTime is the timestamp for when the job goes
                  to a final state
                format: date-time
                type: string
              description:
                type: string
              jenkins_build_id:
                description: JenkinsBuildID applies only to ProwJobs fulfilled by
                  the jenkins-operator. This field is the build identifier that Jenkins
                  gave to the build for this ProwJob.
                type: string
              pendingTime:
                description: PendingTime is the timestamp for when the job moved from
                  triggered to pending
                format: date-time
                type: string
              pod_name:
                description: PodName applies only to ProwJobs fulfilled by plank.
                  This field should always be the same as the ProwJob.ObjectMeta.Name
                  field.
                type: string
              prev_report_states:
                additionalProperties:
                  description: ProwJobState specifies whether the job is running
                  type: string
                description: PrevReportStates stores the previous reported prowjob
                  state per reporter So crier won't make duplicated report attempt
                type: object
              startTime:
                description: StartTime is equal to the creation time of the ProwJob
                format: date-time
                type: string
              state:
                description: ProwJobState specifies whether the job is running
                enum:
                - triggered
                - pending
                - success
                - failure
                - aborted
                - error
                type: string
              url:
                type: string
            type: object
        type: object
    served: true
    storage: true
    subresources: {}
status:
  acceptedNames:
    kind: ""
    plural: ""
  conditions: []
  storedVersions: []
